George Ou wrote:
> Blocking port 25 harms a lot of legitimate uses. Why not do the following
> to deal with the issue as a whole.

Blocking open relays harmed a lot of legitimate uses. In fact, quite a
lot of the complaints about port 25 blocking today sound awfully
similar to the complaints about blocking/closing open relays seven
years ago. But it still happened, because the legitimate use of open
relays was vastly outweighed by the abuse of it. I would argue that
unblocked port 25 on consumer level accounts has a similar ratio of
abuse versus legitimate use that open relays did. Those who had
legitimate use of open relays were able to find alternatives. Those who
legitimately use outbound port 25 access have alternatives already which
include smtp auth, ssh tunneling, VPN, configuring your MTA to use your
ISP's mail server as outbound relay, asking your ISP for an exemption to
blocking, or simply using a premium ISP which offers static IP and
allows servers.

> As the owner of a few small personal domains and someone
> who uses outbound 25 for legitimate SMTP relay, I'd much rather you force me
> to put in a few SPF records than blocking my outbound port 25 access.

If you actually read the article, his suggestion would completely
accommodate your situation. He proposes that port 25 be blocked by
default on dynamic address consumer level services, but that users can
apply for an exemption with their ISP. Power user ISPs such as those
that offer static IP would not be blocked by default. It also bears
considering that, present company excluded, the number of people who
legitimately use outbound port 25 on consumer ISPs is a vanishingly
small number. Is it really worth allowing so much abuse to continue
just to preserve this luxury for a few people who could use one of the
alternatives above?
Similarly, your suggestion to universally implement SPF would require
that every domain and mail server on the planet implement your
solution, versus port 25 blocking which would only require a few power
users to make some changes. Which is more likely to happen?
I agree with Larry. It's well past time to implement this on all
consumer level ISPs.
--
James Lick -- 黎建溥 -- jlick(_at_)jameslick(_dot_)com -- http://jameslick.com/