Re: Advice on best way to set up multi-route NAT for lots of IPs

[Anton Melser <anton@linux.com>]

>> Frankly, this looks to me like bulk-email-laundering.  That is, it's a
>> way to convey email "reputation" from one of 3-8 "trusted" IPs to the
>> 1600 "unknown" ones.
>
> This discussion is very intriguing to myself, no matter how OT. I'm
> quite sure I'm not the only one.
>
> It sounds to me like someone needs help on how to hide a botnet using an
> iptables script at first glance. It can't be that of course so why are
> 1600 hosts wanting to send bulk email ?
>
> spam has given email marketing such a bad reputation that I'd really
> like to know why there are 1600 hosts that need to send
> business/marketing email. Why 1600 ?
>
> Sorry I'm new to the list and I realise I am contributing to the
> OT-ishness of this thread.

I said to myself "don't mention port 25, you'll get a barrage of
insults..."! But I realise it is intriguing to many people, and it's
very easy to jump to conclusions. I suppose the simplest way to
explain why 1600 is the following. If we accept that it is valid for a
client to have an IP and this client will send their newsletters from
only this IP and build reputation on this IP, then it is trivial: 1600
IPs = 1600 clients. If an intern for company X makes a booboo
(something like
http://it.slashdot.org/story/11/12/28/1929232/new-york-times-hacked
for example!) then company Y shouldn't suffer, should they? They will
need different IPs then.  Mailchimp claims (or claimed at one point)
to have 100,000 clients (I am not involved with Mailchimp in any way,
they are one of the biggest in the industry so I'm picking on them).
So 100000 IPs? It's more complicated than that unfortunately, as MSPs
and ISPs require certain minimum levels of traffic. The blog link
above in the thread mentions why you might not want a dedicated IP if
you don't send enough. The problem being that if you don't send for a
while, and then suddenly start sending again, everything gets
completely blocked or put in the spam folder. The vast majority of
companies can't warrant employing someone who spends their days
researching the latest requirements for sending newsletters, so they
sub-contract that to an application service provider (an Email Service
Provider). So we need lots of IPs and we need to manage them
efficiently on behalf of our clients.
Actually we don't use nearly 1600, as currently IP management is not
as optimised as it would be with a NAT (or similar) solution. We have
a lot of ad agencies as clients though, and they are only working for
their clients (white label or not), and we have many, many more than
1600 "end clients". We also definitely have clients that want to have
redundancy on connection providers (going over different backbones,
etc.), and bandwidth is cheaper on X but more reliable on Y, etc. so
we need different providers. My solution needs to be able to support
more than we could ever throw at it, so I want it to be able to
support 1600 IPs from the start.
Cheers
Anton
ps. Also see my response to Lloyd's last post.