Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
1. Is MTA MARK a useful enough proposal to be pursued further IN
COMBINATION with other anti-spam tools and techniques (including port
filtering)?
Yes.
2. Is port filtering, on port 25 especially, should be something that is
going to be recommended by the ASRG?
No.
It's something we should describe as an option. We should describe
it's benefits, and it's limitations. We should put a big "use at your
own risk" warning label on it. We should also say that ISP's MUST
tell their users that they do this, to enable informed consent.
For ISP's who know (AUP, etc.) that certain IP ranges will never
have an MTA sending mail, filtering outbound port 25 may be
beneficial. For other situations, it may cause more problems than it
solves.
Port blocking on the other hand seems controversial enough, that it
should be something best left to each ISP to decide. Instead we
should recommend that ISPs have a strict AUP and actually enforce
it.
I would like to enforce the ISP's AUP, too. The ISP should
therefore publish it in a manner in which I can parse: MTAMark, LMAP,
etc. My problem with these "solutions" is that they're post-facto,
and still permit the AUP to be violated. Blocking port 25 is
appealing, because it prevents AUP violations. But it's a very
dangerous practice, from a number of perspectives.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg