Outgoing SMTP Servers
bjohnson at drtel.com
Mon Oct 31 20:17:16 CDT 2011
Sent from my iPad
On Oct 31, 2011, at 4:17 PM, "Robert Bonomi" <bonomi at mail.r-bonomi.com>
> There is an at-least-somewhat-valid argument against outbound filtering.
> to wit, various receiving systems may have different policies on what is/
> is-not 'acceptable' traffic. They have a better idea of what is acceptable
> to the recipients (their users), than the originating MTA operator does. An
> originating system cannot accomodate that diversity of opinions _without_
> getting input from all prospective recipients.
> And it is, of course, 'not practical' for every email recipient to notify
> every email 'source' network as to what that recpient considers 'acceptable'.
> <wry grin>
This is not plausible. It also has nothing to do with a network owner protecting his network from his own users.
> There are only a relative handful of things a _residential_ provider can
> use to "reliably" filter outgoing mail. A non-comprehensive list:
> 1) 'Greylisting' at the origin is as effective at stopping spam as it is
> at the destination.
> 2) Checks for certain kinds of standards violations that legitimate mail
> software does not make.
> 3) Check for certain kinds of 'lies' in headers -- things that *cannot*
> occur in legitimate email.
> 4) 'Rate-limiting' to detect/quarrantine abnormal traffic levels.
> 5) Tracking SMTP 'MAIL FROM:" and the "From:" (or 'Resent-From:', if
> present), and quarrantining on abnormal numbers of different putative
> There's no point in checking source addresses against any DNSBL, for reasons
> that should be 'obvious'. <*GRIN*>
> Further, any sort of "content" filters prevent customers from _discussing_
> scams in e-mail.
> There is a 'hard' problem in letting the source 'opt out' of such filtering,
> because an intentional 'bad guy' will request his outgoing mail not be
> monitored, as well as the person who has a 'legitimate' reason for sending
> messages that might trip mindless content filters.
> Statistical note: Out of the last roughly 6,000 pieces of spam seen here,
> circa 2,700 were caught by checks 2), and 3) above, and another circa 2,600
> were in character-sets not supported here. Incidentally, spam volume, as
> seen here, is running a bit _under_ 2/3 of all email, down from a peak of
> over 95%.
This misses the point of the thread which is not filtering. It is port 25 blocking. Statistically all of he problems exist on TCP port 25. This is why the filtering is largely effective.
More information about the NANOG