Lazy network operators
JC Dill
nanog at vo.cnchost.com
Wed Apr 14 19:16:46 UTC 2004

At 10:47 AM 4/14/2004, Iljitsch van Beijnum wrote:
>On 14-apr-04, at 17:45, JC Dill wrote:
>
>>>I understand your frustration, but the approach of blocking port 25
>>>isn't the right one. It may be convenient for you, but ...
>
>>Dood, this *exact* argument was made ~10 years ago against closing open
>>relays. So, do you think that everyone should just open their servers to
>>relaying for anyone, since closing all the open relays has proven to be
>>inconvenient for some, and not a 100% effective solution?
>
>Hm... "If you go faster than 30 km/h in a train the air will be sucked out
>and everyone inside will suffocate" vs "if you fly through the
>stratosphere in an airplane without a closed cabin the air will be sucked
>out and everyone inside will suffocate". So just because the former turned
>out incorrect the latter is as well?

That's a bad analogy, therefore your comparison is worthless. Closing port
25 is *very* similar to closing your server to relaying. It is a way to
ensure that only authorized users send email from your network.

>However, filtering TCP port 25 is bad not just because it is massively
>inconvenient for many people (ever work in support?)

Simply put, I do not agree with your assertion here.

Most people are not inconvenienced by this change. In reality, very *few*
people are inconvenienced. And those people have alternate solutions. I
have helped many people configure one of these solutions when they have
encountered port 25 blocking. Recently, I helped a friend who was suddenly
"no longer able to send work email from her laptop at home" because their
home DSL connection thru her husband's employer had implemented port 25
filtering. The solution was to create a profile on her laptop that used
the DSL provider's server, and for her to select that profile when sending
email from home. An even simpler solution would have been to use port 587,
if her own work server had offered this option (unfortunately, it doesn't).

Many ISPs have successfully implemented port 25 filtering. The support
costs associated with implementing this change are small in the long run,
especially when compared to the reduced abuse support costs you will
realize when you are no longer empowering your users to abuse port 25 on
other servers.

This is the same story as when you closed your open relays, and briefly had
increased support costs, which were offset by the reduced abuse support
costs since you no longer were subject to being used as a relay or getting
complaints about the spam your servers were spewing.

It's been ten years now:

<http://slashdot.org/articles/04/03/05/160229.shtml>

We need to stop whining that it's "hard" or "expensive" to do the right
thing and close loopholes that are abused by spammers. It's much harder
and more expensive long term to NOT do the right thing.

jc
--
p.s. Please do not cc me on replies to the list. Please reply to the list
only, or to me only (as you prefer) but not to both.