[Dshield] Need some help testing

Tomas L. Byrnes tomb at byrneit.net
Tue Jul 10 15:03:16 GMT 2007


If I am to sum up the attitudes of those who like blocking static
"dynamic" addresses, it is:

Only businesses (or people willing to pay for business service) should
have their own mail relays.

I don't even know where to start with that one. It is a symptom of
exactly what has gone wrong with the Internet since the telcos became a
major force in it: a return to the hierarchical idea of the PSTN that
the Internet beat hands down, precisely because of its decentralized,
fundamentally peer-to-peer, anyone-can-experiment nature.

It fundamentally breaks the architecture of the Internet as a peer-to-peer
system, forces people to use entities they may not trust, in many
cases validly (given the warrantless wiretapping that has been going on,
to say nothing of the common practice in parts of the world with little
respect for human rights), for mail relay services, and drastically
reduces anyone's ability to test and prototype anything using filtered
protocols.

It's also pretty high-handed on anyone's part to call an IP address that
they know may well actually be static, "dynamic".

Sure, this approach reduces SPAM; so would only whitelisting MTAs you
actually trusted. Both do it for the same reason: they deny connections
from the vast majority of the IPv4 space.

You may consider that a valid approach, and if you have a small number
of users, who either don't know what they are not getting, or don't
particularly care, then the denial of service you are instituting may
not matter. Effectively, what you are doing is denying all except a
pretty well-defined set of addresses that should be "good", then
filtering that for the addresses that may have had a bad actor on them
at some time in the past, and then whitelisting when someone complains.
Effectively, you're building a small subset of the Internet as an SMTP
closed user group.

For larger networks, especially ones with lots of entropy in their
legitimate peers, this approach is suspect, IMO.
