Nico Kadel-Garcia wrote:
It adds up. Some of this is the cost of doing a competent business, but
that doesn't make enforcing a rigorous policy cheap. You lose customers
who get cut off and then find some less well-run service to connect
them. (For example, ISP's that simply block port 25 outgoing, use
SMTP-AUTH, and don't have to worry about this.)
An ISP can use SMTP AUTH and still feel a need for pulling customers'
plugs. Worms can use SMTP AUTH, as has already been proven in the field.
Anyway, ignorant users wandering off to less well-run services is in the
world's best interest, because then the rest of the world can just ignore
them due to their bad reputation (AKA black-list them).