Service Criticality Framework
• 5 min read
Defining the criticality of RIPE NCC services provides a whole range of benefits. In this article, we take a look at the model we're adopting in order to determine a criticality rating for our services.
Razvan C. Oprea
2
Articles
46
Likes on articles
Mail Filtering - Rethinking Our Reliance on RBLs
• 4 min read
Keeping the channels of communication between us and the wider Internet community open has always been one of our main priorities. Just lately we received some input that caused us to rethink the way we've been doing things on this front.
Showing 2 article(s)
“From my experience, a well-trained bayes-db with carefully adjusted individual scores for certain rules is sufficient. I'm not using external RBLs for blocking (just some defaults, Spamassassin uses for additional checks) and also no greylisting.”
Agreed, the key here is " well-trained bayes-db", otherwise it can do more harm than good. Regarding greylisting, it seems it is no longer as efficient as in the past and we might remove it in the near future.
“Maybe you can get in touch with Peter, who is actively running the BGP powered Spam list at https://bgp-spamd.net/, where you vould also contribute with the amount of Mails you receive”
Thanks for the pointer, Mark, I'll look into it.
“I hope this is fixed asap.. host mahimahi.ripe.net[193.0.19.114] said: 550-rejected: XXX.XXX.XXX.XXX is in a black list....”
Pavel, if you are subscribed to ncc-announce mailing list and still get this message, please contact us at https://www.ripe.net/contact-form and we'll look into it.
“RIPE NCC should follow only official SMTP standartds and RFCs. Strange private and not transparent companies like spamhaus should not be used. People, ISPs, Datacenters lot of times got delivery problems with because of non transparent, not objective blacklists. There are a lot of cases in the internet showing that such blacklists should not be used. It's a good opportunity to use only new SMTP options like TLS, DMARK, SPF specially done for that. Third-party RBLs should not be used.”
We are already using TLS and SPF. I mentioned above we will implement DKIM, DMARC and dial down on relying on third party RBLs.
“just going to leave this report on mail here: https://internet.nl/mail/ripe.net/274171/ consider also implementing DANE”
Thank you for the link, we know about the internet.nl reports. DANE is indeed something we are looking into as well.
Showing 5 comment(s)