Lazy network operators

Iljitsch van Beijnum iljitsch at muada.com
Wed Apr 14 07:33:20 UTC 2004


On 14-apr-04, at 1:56, John Curran wrote:

>> This approach has two main advantages over filtering port 25:

>> 1. People can still talk to unlisted SMTP hosts if they feel they
>> have a good reason to do so (i.e., I get to deliver messages directly
>> to my server from home rather than being forced to use my service
>> provider's which may or may not work)

> You're right...   Rather than simply having you tell your provider
> that you're responsible and having port 25 outward opened up, the
> freedom for anyone to send to port 25 on an ad-hoc basis like we have
> today is a better idea.
> Today's spam isn't a problem; everything's working as designed.

I understand your frustration, but the approach of blocking port 25 
isn't the right one. It may be convenient for you, but there are plenty 
of people who have good reasons for using other SMTP servers than their 
access provider's ones. And do you think people who are unable to run a 
good mail service will be able to selectively open up filters in a sane 
way? Filtering can also have a serious performance impact on some 
equipment. And of course this approach isn't going to work anyway: many 
access providers can't even be bothered to implement anti-spoofing 
filters, so there is no way that ALL consumer access providers are 
going to do this within a reasonable time frame.

>> The good news is that the IETF is now starting work on this, so 
>> expect results in two or three years.

> Great idea: here's a case where we need less connectivity and better
> operational practices, but rather than take that task on, we should do
> more protocol work.

The idea is that new records in the DNS show which hosts are allowed to 
deliver mail for a domain. This means spammers must use a domain they 
control. That's a good start, as it makes white- and blacklisting a lot 
easier.

However, this isn't enough. A next step would be to require that a host 
that is delivering mail must be flagged as a designated outgoing SMTP 
host for the reversed mapping domain name of its IP address. (Which 
obviously isn't going to happen for Joe Cable or Jane ADSL.)

(There is still an issue with IPv6 though, as here everyone, including 
consumers, usually runs their own reverse DNS servers.)

> The reality is that the vast majority of email is handed off to a
> designated mail relay (whether we're talking about consumer connections
> or office environments), and if we actually configured connectivity in
> this manner, there wouldn't be a problem.

I don't think cutting off one of the monster's heads will do it (there 
was spam in the good old days when Windows didn't do IP without 
installing Trumpet Winsock or something similar). There are other ways 
to get rid of almost all spam, but apparently for most people the pain 
isn't bad enough to start using them yet. (I installed SpamAssassin over 
the weekend, and it caught 50 of 53 overnight spam messages. My client 
caught the remaining 3, no false positives.)
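As an added illustration (not code from the post or from anyone in the thread), here are the two checks described above run over a constructed in-memory DNS table: step one tests whether the connecting address is designated by the sender's domain, step two tests whether the address's reverse-mapping name is flagged as an outgoing SMTP host. The `outgoing_smtp` flag is a hypothetical record standing in for the marking the post proposes, and the IPv6 entry shows the caveat that a consumer who runs his own reverse zone can set that flag himself.

```python
import ipaddress

# Constructed in-memory stand-in for DNS (no real resolver is queried).
# Forward side: addresses each domain designates as allowed to send its mail
# (the "new records in the DNS" the post describes).
DESIGNATED_SENDERS = {
    "example.com": {"192.0.2.10", "192.0.2.11"},
    # A spammer can always publish records for a domain he controls:
    "spammer.example": {"203.0.113.77", "2001:db8::1"},
}

# Reverse side, keyed by the reverse-mapping name of the address. The
# "outgoing_smtp" flag is the post's proposed second step (hypothetical
# record, not an existing DNS type); it is set by whoever runs that zone.
REVERSE_ZONE = {
    "10.2.0.192.in-addr.arpa": {"ptr": "mail1.example.com", "outgoing_smtp": True},
    "11.2.0.192.in-addr.arpa": {"ptr": "mail2.example.com", "outgoing_smtp": True},
    # Consumer cable address: the access provider runs this zone, no flag set.
    "77.113.0.203.in-addr.arpa": {"ptr": "cpe-77.cable.example", "outgoing_smtp": False},
    # IPv6: the consumer usually runs the reverse zone and can flag himself.
    ipaddress.ip_address("2001:db8::1").reverse_pointer:
        {"ptr": "host.spammer.example", "outgoing_smtp": True},
}


def check_sender(ip, mail_from_domain):
    """Apply both steps from the post; return (verdict, reason)."""
    # Step 1: is the connecting address designated by the sender's domain?
    if ip not in DESIGNATED_SENDERS.get(mail_from_domain, set()):
        return "reject", f"{ip} is not a designated sender for {mail_from_domain}"
    # Step 2: is the address flagged as an outgoing SMTP host in its reverse zone?
    rev = ipaddress.ip_address(ip).reverse_pointer
    entry = REVERSE_ZONE.get(rev)
    if entry is None:
        return "reject", f"no reverse mapping at {rev}"
    if not entry["outgoing_smtp"]:
        return "reject", f"{entry['ptr']} is not flagged as an outgoing SMTP host"
    return "accept", f"{entry['ptr']} designated by {mail_from_domain} and flagged outgoing"


if __name__ == "__main__":
    for ip, domain in [("192.0.2.10", "example.com"),
                       ("203.0.113.77", "example.com"),
                       ("203.0.113.77", "spammer.example"),
                       ("2001:db8::1", "spammer.example")]:
        print(ip, domain, *check_sender(ip, domain))
```

The third case shows what the first step alone buys (the spammer is pushed onto a domain he controls, so the second step is what actually stops the cable host), and the fourth case shows the IPv6 gap the post points out.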