Re: Sites that block dynamic/dialups

From: D. Stussy (kd6lvw_at_bde-arc.ampr.org)
Date: 11/19/03


Date: Wed, 19 Nov 2003 08:36:32 GMT

On Mon, 17 Nov 2003, Jem Berkes wrote:
> People who run small sites such as my own may notice that some commercial
> sites are now blocking SMTP connections from dynamic IP addresses.

You're just noticing this NOW? That started THREE years ago with some of the
smaller sites and about 1.3 years ago, the major ISPs picked it up too (except
that ISPs obviously cannot block their own customers - but for the dial-up
service, may direct those customers to relay via their outbound mail service).
This is not news. This is the current status quo.

> It is for this reason that I am publishing a list of domains that require mail
> delivery through ISPs. These sites have decided that they will only accept
> mail from commercial IP addresses and not from 'consumer-class' addresses.
> That's their decision to make, though I think it's a misguided one that will
> further divide Internet among commercial lines.

No, it's not (misguided). Why?

1) It requires the dial-up user to "validate" himself against his ISP's
service. It also places responsibility on the ISP by putting their server(s) in
the spam or virus trace path.

2) It attempts to solve the problem of misconfigured servers by the average
person, infected systems, and spam. Much of this comes from dial-up accounts
and lately, CABLE and DSL served machines (i.e. "always on" internet access).
Not accepting direct connections from these "lowers the noise."

> The following domains do not accept mail transactions from dynamic IPs:
> http://www.pc9.org/antidyn
>
> You can use this list with postfix to generate an /etc/postfix/transport
> file. This will allow you to continue direct mail delivery to all
> domains, except for the ones indicated. For those domains mail can be
> relayed through your ISP's server - smtp.example.com
>
> In main.cf:
> -----------
> transport_maps = hash:/etc/postfix/transport
>
> Load list:
> ----------
> cat antidyn | sed 's/$/\t\tsmtp:[smtp.example.com]/' > transport
> postmap /etc/postfix/transport
>
> Enable:
> -------
> postfix reload
>
>
> Feel free to send me more domains if you know that they refuse mail from
> dynamic IPs. I'm sure I'll get lots of replies telling me "I should use
> my ISP's mail server for all mail". This is more convenient (faster, more
> reliable, efficient) so I will deliver mail myself thank you.
>
> Others will point out that dynamic IPs are blocked because of spam/worms.
> While it's true that much spam comes from dynamic IPs, there are even
> better ways to block such abuse. If your goal is to block dynamic IPs,
> then you use a dynamic blocklist. If your goal is to block spam/viruses,
> use a DNSBL designed for that. They're in no short supply:
>
> + blackholes.easynet.nl
> + psbl.surriel.com
> + cbl.abuseat.org
> + relays.ordb.org
> + list.dsbl.org
> + sbl.spamhaus.org