Frontier Fiber / Static IP

After many years I decided to pull the trigger on getting a static IPv4 address. The biggest factor in the decision was my wife’s LLC. For Frontier Fiber here are the steps:

  1. Like many other ISPs, Frontier only gives out static IP on “business” grade connections. Without being negative, the first question you get when upgrading from a residential to a business connection is: “What’s the difference?” or “Is there a difference between a residential account and a business account?”. There may be a difference in service level but I can’t see it enumerated anywhere in the service agreements. For me the change was accomplished without changing any equipment. The important thing is that Frontier, like Optimum and possibly Xfinity, will only give out static IP on a business account, so you have to “upgrade”.
    That was the first part of the process for me. I had to work with Frontier to convert my account from residential to business. From my perspective this looks like moving my file from one file cabinet to another. Further, when I called to manage the process, I always got a customer service rep who handled residential accounts, so I had to wait to be connected to a rep that worked the “business” side of the house.
  2. Once the work order was finished, I was able to set up an appointment to get my ONT reconfigured from residential/DHCP to business/static. The tech showed up this morning. Frontier truly does static IP. As I understand things, they do not use a BOOTP style process where your equipment can learn a static IP assignment via the protocol for DHCP. I wish they did that but they don’t. If I’m honest with myself, I have several servers that get their IP address via DHCP but the address they get is statically tied to a particular MAC address, BOOTP style. Honestly, I find that there are places on my network where this whole thing is brittle and I control the whole thing. It’s probably for the best that they force me to configure things statically.

That’s pretty much it. In my case, I had some cleanup work that had to be done on the account before conversion from residential to business and that delayed the process for me by a few days. But, so long as Frontier stays up, I expect to have the same IP address until I change ISPs. The Frontier techs were tremendously professional during this whole process; they deserve praise for the way this was handled.

I’ll write a future article about how I do ISP failover on OpenBSD. This change modifies that process.

Email Deliver-ability

Way back in the day in 1996, I remember attending a Birds of a Feather session at the USENIX technical conference, on email and spam. The people in the room railed at the spam problem and it was clear that the leaders were taking the spam as a personal attack. I sat quietly in the room, silently noting to myself that none of the proposed solutions, not even adding extensions to the SMTP protocol, were going to stop the growing commercialization of email as a medium. This is because any magic dust that you can sprinkle on email to mark it as trustworthy and not spam can be and will be ruthlessly adopted by commercial senders to increase their own deliver-ability.

Increasing deliver-ability

I just added DKIM signing to messages that come from vindaloo.com. I did this because I added a new domain to my mail server so I could support my wife’s LLC: moderncrc.com. Honestly, I might have been better off outsourcing this to Purely Mail and if you are here trying to figure out how to set up mail for your own domain, I say that for 90% of people, outsourcing to someone like Purely Mail is the right way to go.

Self hosters and smaller companies considering hosting their own email should consider the fact that deliver-ability will be your biggest problem. This means that getting other people to accept mail from you and not automatically treat it as spam to be quarantined, rather than read, is the biggest hurdle you will have to get over. In the modern internet, achieving deliver-ability means jumping through a few hoops.

  • You need to get an IPv4 address that hasn’t been fouled by someone using it to send spam. When these addresses get fouled, they get enumerated onto lists called RBLs or real-time blackhole lists. These are DNS based lists that say this IP address could be a source of spam. This isn’t generally difficult but it means that you won’t ever be able to send SMTP mail from an end-user internet connection such as an Xfinity or FiOS internet account. And being clear, I mean across cable, fiber, and business, or residential. The best way past this hurdle is to set up your outgoing SMTP server on a VPS from someone like vultr.com. After this you’ll probably need to put in a support request to be allowed to send mail at all. Of course, this pretty much means that you need to know how to run a Linux server with all that that entails.
  • You’ll need to set up DNS for your domain: at least SPF and DMARC, but probably also DKIM. Microsoft, Google, and Yahoo are all requiring DMARC and either SPF or DKIM to deliver your messages. SPF is simple. You just enumerate the IP addresses that you allow to send email from your domain. DKIM is a little harder. You set up a private-key, public-key pair; then for each message that you send, you extract a portion of it and you arrange for your email server to create a signature of the portion using your private key. You publish the public key in your DNS. People receiving email from you can verify this signature and if it all works, they know that you are the actual sender of the email rather than a spammer.
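The DNS side of the setup described above, as an added example that is not part of the original post: a Python check that a domain's SPF record authorizes a sending IP, that a DKIM key is published, and that a DMARC policy exists. The domain, selector, addresses and key value are constructed placeholders, and only the ip4, ip6 and all mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed sample TXT records for a placeholder domain (not real data).
SAMPLE_DNS = {
    "example.com": "v=spf1 ip4:203.0.113.25 ip4:198.51.100.0/28 -all",
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM key, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_result(record, sender_ip):
    """Evaluate the ip4, ip6 and 'all' mechanisms; others (include, a, mx) are skipped."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name.lower() == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched

def readiness(dns, domain, selector, sender_ip):
    """Report the three DNS checks and whether DMARC plus SPF-or-DKIM is satisfied."""
    spf = spf_result(dns.get(domain, ""), sender_ip)
    dkim = parse_tags(dns.get(f"{selector}._domainkey.{domain}", ""))
    dmarc = parse_tags(dns.get(f"_dmarc.{domain}", ""))
    dkim_ok = bool(dkim.get("p"))            # an empty p= means the key is revoked
    policy = dmarc.get("p") if dmarc.get("v") == "DMARC1" else None
    return {"spf": spf, "dkim_key_published": dkim_ok, "dmarc_policy": policy,
            "ready": policy is not None and (spf == "pass" or dkim_ok)}

if __name__ == "__main__":
    print(readiness(SAMPLE_DNS, "example.com", "mail", "203.0.113.25"))
```

A published key only shows that the record exists; it does not confirm that the mail server is actually signing outgoing messages.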

Where we ended up

All of this generally works but my frustration stems from the fact that it does very little to reduce spam. For years, over 80% of the spam that I receive has had valid SPF and DKIM and I’m writing this today because yet another obvious phishing attempt was sent to me. Of course, it passed SPF and DKIM with flying colors.

Thus we end up in a world of unintended consequences. Rather than the internet as envisioned, a large group of equally participating networks, we are slowly moving to a world where only Microsoft, Google, and Yahoo can deliver email.