Brett Watson <famous-asrg(_at_)nutters(_dot_)org> sayeth:
A touchy issue, this. Should we consider it Best Current Practice to filter
outgoing port 25 on "residential" (or similarly classified) access points?
Should we consider it BCP to filter outgoing port 25 on pretty much all
access points unless other arrangements are explicitly made?
[Long and reasonable argument for blocking port 25]
"Yes", but "no". :-)
For a strictly technical reason, mind you. If port 25 becomes predominantly
filtered, email is simply going to shift ports. We will see an increase of
proxies over port 80 (most likely), and the corresponding abuse.
For that matter, I've figured out a trivial way of circumventing any such
measure to deliver spam; though I am loath to discuss it here given that I
am fairly certain our adversaries read this list religiously.
I am convinced any solution against spam lies in separating the good email
from the bad, not in trying to prevent garbage from being inserted in the
system in the first place (though you obviously want to choke it as soon as
possible to reduce cost).
Perhaps a better direction to look in is not to prevent port 25 access
without prior arrangement but to prevent mass mailings without such
arrangements (however we choose to define this). Throttling and refusing to
send email to more than a few destinations come to mind; asking legitimate
mailing lists to authenticate with a willing mail relay is not unreasonable
and doesn't prevent the general end to end philosophy.
I wouldn't mind if the ISP where my colo box lives refused to let me send
more than n mail per hour, say, unless I had a specific arrangement
otherwise.
I don't think it's realistic to try to prevent one-to-one spam, but
one-to-many mailings are easier to detect, and easier to control.
-- Marc
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
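
A sketch of the throttling idea in the message above, as an added example that is not part of the original post: a per-source policy an ISP relay could apply, capping recipients per message and deliveries per hour unless the source has a prior arrangement. The class name, the limits and the addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # the "per hour" window from the message


class OutboundMailPolicy:
    """Hypothetical per-source limits for an outbound relay (illustrative only)."""

    def __init__(self, max_per_hour=50, max_rcpts_per_msg=5, arranged=()):
        self.max_per_hour = max_per_hour            # the "n mail per hour" cap
        self.max_rcpts_per_msg = max_rcpts_per_msg  # "more than a few destinations"
        self.arranged = set(arranged)               # sources with a prior arrangement
        self._sent = defaultdict(deque)             # source -> delivery timestamps

    def check(self, source, rcpt_count, now):
        """Return (accepted, reason) for one message offered by `source` at time `now`."""
        if source in self.arranged:
            return True, "prior arrangement"
        if rcpt_count > self.max_rcpts_per_msg:
            return False, "too many recipients"
        window = self._sent[source]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()                        # forget deliveries older than an hour
        # Each recipient counts as one delivery, so splitting a mass mailing
        # into many small messages does not get around the hourly cap.
        if len(window) + rcpt_count > self.max_per_hour:
            return False, "hourly limit reached"
        window.extend([now] * rcpt_count)
        return True, "ok"


def run_demo():
    """Replay constructed traffic: (source, recipients, seconds since start)."""
    policy = OutboundMailPolicy(max_per_hour=10, max_rcpts_per_msg=3,
                                arranged={"lists.example.net"})
    traffic = [("192.0.2.10", 1, 0),           # ordinary one-to-one mail
               ("192.0.2.66", 40, 5),          # one message, 40 recipients
               ("lists.example.net", 400, 10)] # mailing list with an arrangement
    traffic += [("192.0.2.66", 3, 20 + i) for i in range(5)]  # split mass mailing
    traffic += [("192.0.2.66", 1, 3700)]       # same source, over an hour later
    return [policy.check(src, n, t) for src, n, t in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```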