Fun new policy at AOL
Matthew Crocker
matthew at crocker.com
Thu Aug 28 16:00:29 UTC 2003
On Thursday, August 28, 2003, at 11:07 AM, Joel Jaeggli wrote:
> On Thu, 28 Aug 2003, Matthew Crocker wrote:
>
>>
>> Shouldn't customers that purchase IP services from an ISP use the ISP's
>> mail server as a smart host for outbound mail?
>
> applying that standard just how large do you have to get before
> you "graduate" to running your own smtp server. "I'm sorry we won't
> accept mail from you because you're not an lir?"
>
If a larger corporation showed that they have a clue, we remove the
filters. If we start getting virus/spam notifications on again we
re-enable the filter. We are either primary or backup MX for all of
our customers. We can implement a port 25 inbound filter on a customer
and their inbound mail is unaffected. We can then contact the customer
and work with them to fix their broken mail server and remove the
filter.

We make the determination based on skill level of the customer, not
their size.

How does this sound for a new mail distribution network?

Customers can only send mail through their direct provider.

ISPs can only send mail to their customers and their upstream provider.
They purchase the ability to send mail to the upstream as part of
their bandwidth.

ISPs can contact and work out other direct mail routing arrangements
between themselves. For example, ISP A could send directly to ISP B if
there is a large amount of A -> B mail. Both ISPs have to agree.

ISPs form a trusted ring of mail servers for direct connection. All
others get shipped upstream to the next available mail server.

All mail servers are known, logged and can be kicked off the network by
the upstream provider.

A central core of distributed mail servers gets built by each backbone
ISP. The backbone ISPs peer with one another (trust each other's mail).
Backbone ISPs accept mail from their customers and can block that
mail if their customer doesn't have a clue.

Everything is logged, everything is validated. Setting up a mail
server involves more than getting a static IP and setting up an MX
record.

SPAM is eliminated because it can't enter the trust ring unless it goes
through an ISP. That ISP can be kicked off if they allow spammers.

Viruses are managed because they can be tracked back to their origin.
Block at the core. Virus protection could also be made a requirement
for entering the trusted mail ring.

Mail servers are set to deny all mail by default, opening up
connections from trusted hosts as you build trust relationships.

Contact information needs to be maintained. I can't get into Sprint's
trust ring unless I can contact them.

This can be phased into service by setting up trusted and untrusted
mail servers. All mail entering untrusted mail servers has a higher
spam score and cannot be forwarded outside the local network.
Trusted mail (i.e. from customers) can be forwarded upstream to other
trusted, non-trusted mail servers.
-Matt
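
The relay rules proposed in the message above, modelled as an added example that is not part of the original post: default deny, relaying only for customers, agreed peers and the upstream, and a phased mode in which unknown hosts may deliver locally with a spam penalty but are never forwarded. The class and function names, the penalty value, the host names and the reading of "phased" as a per-server switch are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Server:
    name: str
    domains: set                  # delivered locally (own + customers'; provider is their MX)
    upstream: "str | None" = None
    customers: set = field(default_factory=set)
    peers: dict = field(default_factory=dict)   # name -> Server, by mutual agreement
    phased: bool = False          # transition mode: untrusted hosts may still connect
    untrusted_penalty: float = 5.0              # assumption: the post gives no value
    log: list = field(default_factory=list)

    def trusts(self, sender):
        return sender in self.customers | set(self.peers) | {self.upstream}

    def next_hop(self, rcpt_domain):
        if rcpt_domain in self.domains:
            return "local"
        for p in self.peers.values():           # direct route only where agreed
            if rcpt_domain in p.domains:
                return p.name
        return self.upstream                    # everything else is shipped upstream

    def receive(self, sender, rcpt_domain):
        """Return (verdict, next_hop, spam_score_delta); every decision is logged."""
        hop, known = self.next_hop(rcpt_domain), self.trusts(sender)
        if known and hop:
            result = ("accept", hop, 0.0)
        elif not known and self.phased and hop == "local":
            result = ("accept", "local", self.untrusted_penalty)  # scored, never forwarded
        else:
            result = ("reject", None, 0.0)      # default deny
        self.log.append((sender, rcpt_domain) + result)
        return result

def peer(a, b):
    a.peers[b.name], b.peers[a.name] = b, a     # both ISPs have to agree

def demo():
    # Constructed topology: ISPs A and B under backbone "core"; "cust" buys from A.
    isp_a = Server("isp-a", {"isp-a.example", "cust.example"}, upstream="core",
                   customers={"cust"}, phased=True)
    isp_b = Server("isp-b", {"isp-b.example"}, upstream="core")
    before = isp_a.receive("cust", "isp-b.example")
    peer(isp_a, isp_b)
    return [before, isp_a.receive("cust", "isp-b.example"),
            isp_a.receive("203.0.113.9", "isp-a.example"),
            isp_a.receive("203.0.113.9", "isp-b.example")]
```

`demo()` returns the four decisions in order: customer mail shipped upstream, the same mail routed directly once the peering exists, an unknown host accepted locally with the penalty, and the same host refused as a relay.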