On Tue, 12 Apr 2005, George Ou wrote:
-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org
[mailto:asrg-bounces(_at_)ietf(_dot_)org] On Behalf Of Bill
Cole
Sent: Tuesday, April 12, 2005 3:26 PM
To: asrg(_at_)ietf(_dot_)org
Subject: RE: [Asrg] article: port 25 blocking
You're always free to implement port 25 blocking on your side for inbound
traffic which effectively achieves the same thing for your network. You
just need to implement a large ACL yourself that might be synchronized with
a large shared database somewhere on the net. Why do you want everyone else
to implement outbound port 25 blocks for you?
The advantage that the source ISP has is that they have actual knowledge
of which IP addresses are dynamic and which are not. The receiving MTA can
use DNSBLs and the RDNS to guess, but it seems that a fair number of ISPs
give dynamic-looking addresses to customers with legitimate mail servers.
Not a good idea, but the customer will likely not know why their mail is
often rejected. Of course, the ISP could inform the DNSBLs of which
addresses were dynamic, which would allow the DNSBL to be just as accurate
as the outbound port 25 block.
One advantage of using DNSBLs rather than blocking port 25 is that it
enhances the value of DNSBLs. If more MTAs use a good DNSBL, that helps
control spam from static addresses. Otherwise, I hardly think it makes a
difference if the packets are stopped at the outbound router or the
receiving MTA. It is just a couple of packets - not the entire spam
message.
The worst spam crime has to be mixing spam with legitimate mail from the
same address. If an address sends only spam, it is easy enough to ignore.
George
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
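
Added example, not part of the original message: a sketch of the receiving-side guess discussed above (DNSBL query name plus an rDNS heuristic), compared against what the source ISP actually knows. The zone name, the keyword list and all sample records are constructed assumptions.

```python
import ipaddress
import re

# Hypothetical DNSBL zone, used only to show the query-name format.
DNSBL_ZONE = "dnsbl.example.org"

# Assumed keyword heuristic for "dynamic-looking" PTR names (not exhaustive).
_KEYWORDS = re.compile(
    r"(^|[.\-_])(dyn|dynamic|dhcp|dsl|adsl|cable|pool|ppp|dialup)([.\-_\d]|$)"
)

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name a receiving MTA looks up: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def looks_dynamic(ip, ptr):
    """Guess from rDNS alone whether an address sits in a dynamic pool."""
    if not ptr:
        return False  # no name to judge; this sketch makes no guess
    name = ptr.lower().rstrip(".")
    if _KEYWORDS.search(name):
        return True
    # PTR names that embed the address itself are typical of generic pools.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for sep in "-._":
        if sep.join(octets) in name or sep.join(reversed(octets)) in name:
            return True
    return False

# Constructed records: (ip, PTR name, what the source ISP knows to be dynamic).
SAMPLES = [
    ("192.0.2.10", "mail.example.com", False),
    ("198.51.100.23", "dhcp-198-51-100-23.pool.example.net", True),
    # Static customer running a legitimate mail server on a generic name.
    ("203.0.113.45", "203-0-113-45.dsl.example.net", False),
    # Dynamic address whose name gives no hint.
    ("203.0.113.77", "host77.example.net", True),
]

def compare(samples):
    """Return (false_positives, false_negatives) of the rDNS guess vs. ISP data."""
    false_pos, false_neg = [], []
    for ip, ptr, isp_dynamic in samples:
        guess = looks_dynamic(ip, ptr)
        if guess and not isp_dynamic:
            false_pos.append(ip)
        elif isp_dynamic and not guess:
            false_neg.append(ip)
    return false_pos, false_neg

if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.45"))
    print(compare(SAMPLES))
```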