ingress SMTP

Matthew Moyle-Croft mmc at
Sat Sep 13 00:41:02 CDT 2008

Hi Bill,

Bill Stewart wrote:
> In some sense, anything positive you an accomplish by blocking Port 25
> you can also accomplish by leaving the port open and advertising the IP
> address
> on one of the dynamic / home broadband / etc. block lists,
> which leaves recipients free to whitelist or blacklist your users.
Except that this tends to lead to a worse situation for people like 
yourself who wish to run a mailserver - because ultimately you'll have 
to resort to using an ISP's forwarder anyway because there will be more 
spam from the IP ranges you're in leaving to the wide world, thus a 
worse reputation, and so more blocking.  

ie.  by blocking outbound SMTP by default and getting customers to use 
our mail cluster their email is more likely to arrive and not be dropped 
as coming from a potential spam source.  

> I've toned down my vehemence about the blocking issue a bit -
> there's enough zombieware out there that I don't object strongly to an ISP
> that has it blocked by default  but makes it easy for humans to enable.
That's what we do - by default most customers have a small ACL applied 
which protects them from traffic from various windows ports, ensures 
SMTP goes via our mail cluster etc.   Having customers send mail out via 
us is actually better because we do spam checking and can alert 
customers to their machines being compromised etc (or at least customers 
can look at their status themselves).   But, customers can easily turn 
the filtering off via the portal we have.

We have no issues with customers running servers - most people don't, 
and those who do value the ability to do so.


Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at  Web:
Direct: +61-8-8228-2909		    Mobile: +61-419-900-366
Reception: +61-8-8228-2999          Fax: +61-8-8235-6909

More information about the NANOG mailing list