From: "mouss" <mo...@ml.netoyen.net>
Sent: Monday, 2009/December/21 15:47
jdow wrote:
http://isc.sans.org/diary.html?storyid=7780
It can be quite frustrating to run an ISP and comply with the often
arbitrary, strange, and I suspect contradictory demands of the likes
of SORBS and Trend Micro. An ISP Abuse handler vents in this article.
from the text, there is no way to see whether the guy is right or wrong.
there is no evidence.
I doubt Trend Micro _require_ "smtp/mail/...". they may recommend it.
but they certainly accept mail from a lot of servers whose name has no
smtp/mail/... in it.
as for sorbs, my experience is that they will easily unlist any host
that was listed by error. (I am talking about duhl).
so in my opinion, this is just blah blah blah blah.
and yes, it is reasonable to block ad\d+\.$domain, because "ad"
generally means "active directory", which has no business sending mail.
sure, one should be free to name his mail server, but we are free to
block what looks like a ratnet. this includes things like
2.3.4.5.static.example.com, however static it is. if you want to send mail
in these spam days, the least we ask you is to "name" your server.
At least one well respected ninja sort from this list is also a
volunteer SANS Internet Storm Cellar operator. These folks do not seem
to be in the least "inexperienced" in the ways of malware and malware
delivery. That is why I take that diary entry at face value.
I agree he could have included more information than he did without
giving away names involved. One piece of wording suggests he is an
admin at a box or rack rental place such as rackspace rather than a
wire rental place; and, its customers are meeting with the problems
he's expected to clear up.
{^_^}
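
The two naming checks mentioned in the quoted reply (an `ad\d+` host label, and a name that just spells out the IP address such as 2.3.4.5.static.example.com), sketched as an added example that is not code from either poster. The function names are hypothetical, the IP check is generalized to dashed and reversed-octet forms, and the sample hosts other than the one from the thread are constructed.

```python
import ipaddress
import re

# Pattern from the thread: "ad" followed by digits as the host label.
# Assumption: it is applied to the leftmost label of the reverse-DNS name.
AD_LABEL = re.compile(r"^ad\d+$")


def embeds_ip(hostname: str, ip: str) -> bool:
    """True if the name contains the four IPv4 octets as consecutive
    numeric fields, in forward or reversed order (dots or dashes)."""
    octets = list(ipaddress.IPv4Address(ip).packed)       # four ints
    nums = [int(n) for n in re.findall(r"\d+", hostname)]  # numeric fields
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows


def classify(hostname: str, ip: str):
    """Return the reason a client name looks generic, or None if it
    looks like a deliberately named server."""
    host = hostname.rstrip(".").lower()
    if AD_LABEL.match(host.split(".")[0]):
        return "ad-label"
    if embeds_ip(host, ip):
        return "ip-in-name"
    return None


if __name__ == "__main__":
    # Constructed (name, address) pairs; the first name is from the thread.
    samples = [
        ("2.3.4.5.static.example.com", "2.3.4.5"),
        ("ad12.example.com", "192.0.2.7"),
        ("10-2-0-192.dsl.example.net.", "192.0.2.10"),
        ("mail.example.com", "192.0.2.25"),
    ]
    for name, addr in samples:
        print(f"{name:32} {addr:12} {classify(name, addr)}")
```
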