charles at thewybles.com
Wed Sep 3 15:58:21 CDT 2008
> What I'm trying to get a feel for is this: what proportion of edge
> customers have a genuine NEED to send direct SMTP traffic to TCP 25
> at arbitrary destinations?
Probably very few.
> The big providers -- comcast, verizon, RR, charter, bellsouth, etc --
> seem to be some of the most significant sources of spam and malware
> attempts, mostly from compromised end-user machines, and it seems
> that simply denying *INGRESS* of TCP 25 traffic except to the given
> ISP's outbound relay servers would cut an awful lot of it off at the
I have SBC / AT&T / Yahoo DSL in Southern California and they block
outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL
connectivity at that. I'm all for that personally.
It was a minor effort to setup my charles at thewybles.com address to be
allowed out (had to fill out a webform and click a verify link).
Since most people use the address given to them by the provider and most
likely use webmail this certainly won't affect them.
To top it all off I can fill out another web form and specifically
request unblocking of ports and relay out mail server wherever I want.
So SBC has a policy of
deny SMTP relaying by default,
provide clear instructions to allow outbound relay via approved server
if you don't want to be blocked request unblocking via a self service
Seems perfectly acceptable to me.
Charles Wyble (818) 280 - 7059
CTO Known Element Enterprises / SoCal WiFI project
More information about the NANOG