
Re: [Asrg] 6. Proposals: MTA MARK vs port 25 filtering?

2003-12-17 10:44:50
  I think this will be my last message in this thread, because it's
clear that we're still talking at cross purposes.

Markus Stumpf <maex-lists-spam-ietf-asrg(_at_)Space(_dot_)Net> wrote:
> Our customers are responsible for the traffic they generate. Who says
> they aren't?

  You do.  Without the existence of MTAMark or LMAP, there is no way
for a recipient of traffic from your network to determine that both
you and your users are accepting responsibility.

  To repeat what I've said multiple times already: To the recipient,
your users are indistinguishable from spammers, unless they accept
responsibility for their actions in ways that spammers do not.
e.g. MTAmark, or LMAP.

  In other words, if a machine on your network is "owned", and sending
spam, I would prefer your intentions to be published BEFORE the fact,
rather than after.  Otherwise, I will waste my resources dealing with
the spam attack from your network.  I will waste my time tracking down
contact information from you, and then waiting for a possible
response.  I may even end up blocking legitimate email from you,
because it's too hard for me to tell the difference between that
legitimate email, and the messages from an "owned" machine.

  If you published MTAMark or LMAP information *before* the attack
occurred, then I could *automate* my blocking of the spam attack, and
*automate* my notification to your contact address.  You get the
notifications more quickly, and I spend a lot less time dealing with
the problem.  It's that easy.  Everyone wins.

  Blocking outbound port 25 from your network for non-MTAs is even
better (from my perspective), because then I don't have to do
*anything* to deal with the attack.  You take care of it yourself,
without any involvement from me.

> And customers that abuse our AUP or have 0wned hosts not only get
> port 25 blocked but they get pulled the plug.

  To repeat again and again: How do I know?  Making those statements in
a mailing list is useless.  You need to make them in a way that MTAs
can discover and use.  That's my entire reason for having this
discussion.

> Where's the problem?
> /You/ (and that's the analogy here) are free to block all connections to
> /your/ SMTP port and only allow a whitelist through.

  Without your help, that becomes significantly more difficult for me
to do.  With your help, it becomes almost trivial.  So if both of us
help each other, then the work that each of us has to do will drop.

> If we get a complaint we analyze it, and if there is evidence of abuse
> we do not filter the customer, we pull the plug and terminate the contract.

  Let me repeat until my fingers bleed: This is a post-facto,
band-aid "solution".  You're talking about *intentionally* allowing
abuse of the network, because you know that you will stop it after it
happens.

  I don't know that.  And I don't see why I should suffer because of
your delay between being informed of the abuse, and in stopping the
abusive behaviour.  I don't see why I should suffer because some user
in your system screwed up.

  It's like saying you don't need to keep your rabid dogs tied up,
because a rabies treatment exists.  And insurance will cover any
personal injury I might have from them attacking me.  So it's
perfectly OK for you to let them run wild.  Any attack I suffer can be
dealt with, and you can always pull the dogs off of me...

  It's ridiculous.


  In the real world, people are forced to accept responsibility
*before* bad things happen.  People are forced to change their
behaviour, and to restrict their actions, to *prevent* bad things from
happening.  That's life, and I don't see why it's so hard to apply
that attitude towards the net.

> The section clearly makes a differentiation because there is
>    MUA <-> MTA <-- smtp --> MTA <-> MUA
> and not
>    MUA <-- smtp --> MUA
> and that's why according to that RFC SMTP is not an end-to-end mechanism.
> The RFC does not say anything about companies, users or hosts as end-to-end
> partners. It only says that it is not a MUA <> MUA protocol.

  It's not a MUA to MTA protocol.  So why would people not block
outgoing port 25 from dial-up networks, where no MTAs can exist?  The
only MTA those users should be connecting to is yours, right?

> And SMTP is without any doubt an end-to-end mechanism for most SMTP servers

  Nonsense.  The "end to end" principle is about users, not servers.

> and without any doubt a large number of companies and organizations that
> are customers of ISPs, run their own SMTP speaking MTA in an end-to-end way.
> And that is what you want to abolish.

  WTF?  Are you on crack?  That's nonsense.

  Thanks for that last sentence.  You've made it perfectly clear to
me that you can't understand what I'm saying, and that I'm wasting my
time trying to explain my position to you.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
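The receiving-side automation Alan argues for (reject on a negative marker and queue a notice to the published contact, accept on a positive one, fall back to manual handling when nothing is published), as an added illustration that is not code from this thread or from any MTAMark/LMAP implementation. The record naming convention, the in-memory table standing in for DNS, and the documentation-range addresses are all assumptions made for the example.

```python
"""Receiving-MTA policy driven by a marker the sending network published in
advance. Added example, not code from this thread or any MTAMark/LMAP
implementation. Assumed: MTAMark-style record names
(_send._smtp._srv.<reversed IP>.in-addr.arpa, TXT "1" = MTA, "0" = not an MTA),
DNS replaced by a constructed in-memory table, documentation-range addresses."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for what a sending network could publish in DNS.
PUBLISHED_TXT: Dict[str, str] = {
    "_send._smtp._srv.10.2.0.192.in-addr.arpa": "1",     # the ISP's real MTA
    "_send._smtp._srv.77.100.51.198.in-addr.arpa": "0",  # dial-up pool, no MTA
    # 203.0.113.5 publishes nothing at all
}
# Constructed abuse contacts per network, used when a marker says "0".
ABUSE_CONTACTS: Dict[str, str] = {
    "192.0.2.0/24": "abuse@isp-a.invalid",
    "198.51.100.0/24": "abuse@isp-a.invalid",
}

@dataclass
class Decision:
    action: str            # "accept", "reject" or "unknown"
    reason: str
    notify: Optional[str]  # abuse contact to notify automatically, if any

def marker_name(ip: str) -> str:
    """Owner name of the per-IP marker record (assumed MTAMark-style layout)."""
    return "_send._smtp._srv." + ipaddress.ip_address(ip).reverse_pointer

def contact_for(ip: str, contacts: Dict[str, str] = ABUSE_CONTACTS) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for net, mailbox in contacts.items():
        if addr in ipaddress.ip_network(net):
            return mailbox
    return None

def decide(ip: str, zone: Dict[str, str] = PUBLISHED_TXT) -> Decision:
    """Policy for an inbound SMTP connection from `ip`, using the marker alone."""
    mark = zone.get(marker_name(ip))
    if mark == "1":
        return Decision("accept", "published as an MTA", None)
    if mark == "0":
        # The network said in advance this host must not speak SMTP to us:
        # reject and queue an automatic notice; no manual tracing is needed.
        return Decision("reject", "network declares host is not an MTA",
                        contact_for(ip))
    # Nothing published: an owned host and a legitimate MTA look alike here,
    # so this falls back to the slow manual handling the thread complains about.
    return Decision("unknown", "no marker published", None)
```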