On Mon, Jan 07, 2008 at 09:33:50AM -0500, Michael Holstein wrote: > > >and no involvement with SORBS idiots is required. > > If you don't like SORBS, don't use them. > > TOR doesn't try to be invisible .. if a site admin wants to block > anonymous ($whatever) .. they're free to do so, and SORBS just makes it > easier (the TOR dnsbl). > > Statistically speaking, the volume of non-legitimate email coming from > anonymous routers makes TOR a pretty easy target. We've been through this before, and so far as I know, the problems with the SORBS Tor DNSBL remain more or less as they were before. (I don't want to single out SORBS here; other dnsbl services for Tor nodes have taken the same approach.) I support everybody's right to reject anonymous email; I support everybody's right to reject email based on any criteria they like. It's your server. But the last time I looked, the SORBS Tor list tried to include _all_ Tor servers, not just the ones that are configured to relay SMTP. In other words, the effect of these lists is not only to block anonymous SMTP via Tor, but also to block email from people who run middleman Tor servers that don't deliver anonymous email at all. That seems pointlessly coarse-grained to me. Now, if somebody wants to block anonymous email, and they don't mind blocking all non-anonymous email from people running Tor servers that don't even support anonymous email, then these dnsbls meets their needs just fine. On the other hand, if your only goal is to block anonymous SMTP, and you agree that blocking all Tor servers is very overreaching, you might instead try looking at the more targetted DNSEL service available at http://exitlist.torproject.org/ It lets you block _exactly_ those servers that relay traffic on given ports to your address. For a more thorough rationale, and a fairly detailed spec of how to make a compatible implementation, see https://www.torproject.org/svn/trunk/doc/contrib/torel-design.txt yrs, -- Nick
Attachment:
pgpNX6yjy2stv.pgp
Description: PGP signature