Lazy network operators

JC Dill nanog at vo.cnchost.com
Wed Apr 14 19:16:46 UTC 2004


At 10:47 AM 4/14/2004, Iljitsch van Beijnum wrote:

>On 14-apr-04, at 17:45, JC Dill wrote:
>
>>>I understand your frustration, but the approach of blocking port 25 
>>>isn't the right one. It may be convenient for you, but ...
>
>>Dood, this *exact* argument was made ~10 years ago against closing open 
>>relays.  So, do you think that everyone should just open their servers to 
>>relaying for anyone, since closing all the open relays has proven to be 
>>inconvenient for some, and not a 100% effective solution?
>
>Hm... "If you go faster than 30 km/h in a train the air will be sucked out 
>and everyone inside will suffocate" vs "if you fly through the 
>stratosphere in an airplane without a closed cabin the air will be sucked 
>out and everyone inside will suffocate". So just because the former turned 
>out incorrect the latter is as well?

That's a bad analogy, therefore your comparison is worthless.  Closing port 
25 is *very* similar to closing your server to relaying.  It is a way to 
ensure that only authorized users send email from your network.

>However, filtering TCP port 25 is bad not just because it is massively 
>inconvenient for many people (ever work in support?)

Simply put, I do not agree with your assertion here.

Most people are not inconvenienced by this change.  In reality, very *few* 
people are inconvenienced.  And those people have alternate solutions.  I 
have helped many people configure one of these solutions when they have 
encountered port 25 blocking.  Recently, I helped a friend who was suddenly 
"no longer able to send work email from her laptop at home" because their 
home DSL connection through her husband's employer had implemented port 25 
filtering.  The solution was to create a profile on her laptop that used 
the DSL provider's server, and for her to select that profile when sending 
email from home.  An even simpler solution would have been to use port 587, 
if her own work server had offered this option (unfortunately, it doesn't).

Many ISPs have successfully implemented port 25 filtering.  The support 
costs associated with implementing this change are small in the long run, 
especially when compared to the reduced abuse support costs you will 
realize when you are no longer empowering your users to abuse port 25 on 
other servers.

This is the same story as when you closed your open relays, and briefly had 
increased support costs, which were offset by the reduced abuse support 
costs since you no longer were subject to being used as a relay or getting 
complaints about the spam your servers were spewing.

It's been ten years now:

<http://slashdot.org/articles/04/03/05/160229.shtml>

We need to stop whining that it's "hard" or "expensive" to do the right 
thing and close loopholes that are abused by spammers.  It's much harder 
and more expensive long term to NOT do the right thing.

jc



--

p.s.  Please do not cc me on replies to the list.  Please reply to the list 
only, or to me only (as you prefer) but not to both. 
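The policy described in the post above (block outbound TCP/25 from the customer network, except to the ISP's own mail servers, and leave submission on 587 alone) as a small worked model.  This is an added example and is not code from the NANOG thread or from any ISP; the customer prefix 203.0.113.0/24, the ISP relay addresses 198.51.100.10/.11 and the flow records are all constructed for illustration.

```python
"""Port-25 egress policy model.  Added example, not from the NANOG post.

Hypothetical assumptions (none of these addresses appear in the post):
- customer address space is 203.0.113.0/24 (TEST-NET-3)
- the ISP's own outbound MTAs are 198.51.100.10 and 198.51.100.11
- flow records are constructed NetFlow-style (src, dst, proto, dport) tuples
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CUSTOMER_NET = ip_network("203.0.113.0/24")
ISP_MTAS = {ip_address("198.51.100.10"), ip_address("198.51.100.11")}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def egress_verdict(flow: Flow) -> str:
    """Return 'allow' or 'block' for one flow leaving the customer network.

    The rule mirrors the post: customers may not talk TCP/25 to anything
    except the ISP's relay; submission (587/465) and all other ports pass,
    and traffic not sourced from customer space is not touched at all.
    """
    src = ip_address(flow.src)
    dst = ip_address(flow.dst)
    if src not in CUSTOMER_NET:
        return "allow"        # the ISP's own MTAs must still deliver on 25
    if flow.proto != "tcp" or flow.dport != 25:
        return "allow"        # 587 to a work server, web, etc. are unaffected
    if dst in ISP_MTAS:
        return "allow"        # customers keep using the provider's relay
    return "block"            # direct-to-MX from a residential host


def summarize(flows) -> dict:
    """Count how many flows the policy would allow and block."""
    counts = {"allow": 0, "block": 0}
    for f in flows:
        counts[egress_verdict(f)] += 1
    return counts


def direct_to_mx_sources(flows, threshold: int = 3) -> dict:
    """Customer hosts that hit >= threshold distinct foreign MTAs on TCP/25.

    One host fanning out to many foreign mail servers directly is the spam
    bot / worm pattern the filter exists to stop; this is the abuse-desk
    report you would run against the logs before and after turning it on.
    """
    seen = defaultdict(set)
    for f in flows:
        if egress_verdict(f) == "block":
            seen[f.src].add(f.dst)
    return {src: len(dsts) for src, dsts in seen.items() if len(dsts) >= threshold}


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "198.51.100.10", "tcp", 25),   # laptop -> ISP relay: allow
    Flow("203.0.113.5", "192.0.2.20", "tcp", 587),     # laptop -> work server on 587: allow
    Flow("203.0.113.5", "192.0.2.20", "tcp", 25),      # laptop -> work server on 25: block
    Flow("203.0.113.77", "192.0.2.30", "tcp", 25),     # one host spraying foreign MXs...
    Flow("203.0.113.77", "192.0.2.31", "tcp", 25),
    Flow("203.0.113.77", "192.0.2.32", "tcp", 25),
    Flow("203.0.113.77", "192.0.2.33", "tcp", 25),
    Flow("203.0.113.77", "192.0.2.40", "tcp", 80),     # ...but its web traffic is fine
    Flow("198.51.100.10", "192.0.2.50", "tcp", 25),    # ISP MTA delivering outbound: allow
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>15} -> {f.dst:>15}:{f.dport:<4} {egress_verdict(f)}")
    print(summarize(SAMPLE_FLOWS))
    print("direct-to-MX sources:", direct_to_mx_sources(SAMPLE_FLOWS))
```

The third sample flow is the friend's laptop from the post: the fix on her side is the second flow (submission on 587, or the provider's relay on 25), not an exception in the filter.  On a Linux border router the same policy is a single forward rule of the shape `nft add rule ip filter forward ip saddr 203.0.113.0/24 tcp dport 25 ip daddr != { 198.51.100.10, 198.51.100.11 } reject` (addresses again hypothetical); the point of modelling it first is to run the classifier over real flow exports and see exactly which customers will call support before the rule goes in.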