On Jun 20, 2009, at 2:33 PM, Franck Martin wrote:
----- "Alessandro Vesely" <vesely(_at_)tana(_dot_)it> wrote:
What do you mean by "problematic users"? Providers of residential
cables, WiMAX, and similar connections could block or redirect port
25, just like most universities and companies do. They used to do it,
as long as they provided mailboxes as a bonus and ISP and ESP were
synonyms. Submission port 587 is not yet universally employed, and
some customer may not accept to be unable to reach their favorite
server's ports 25 or 465. "Blocking port 25 except for a set of
servers used for submission" is not something that can be easily
defined and maintained by ISPs, IMHO.
yes I'm not sure that blocking port 25 will ever be possible. I
think less and less people want their mailbox tied up to an ISP,
this is why they get a mailbox on yahoo, google, etc... So these
services requires you usualy to connect via port 25 and authenticate,
Nope, port 587.
but that means for the ISP to let port 25 open. Blocking port 25 and
letting port smtps/465 open to allow users to still submit email is
better, but just a temporaray measures until botnet use smtps to
submit.
You're conflating two quite different things here, SMTP submission and
SMTP delivery.
Blocking port 25 outbound (and ideally, inbound) allows an ISP to
prevent their customers from delivering email directly to recipient
MXes. It does not prevent their customers from using third-party
smarthosts at all, as everyone who is intentionally running a third
party smarthost is listening on port 587.
Bots using port 587 (not 465, that's mostly obsolete) to submit mail
is a wholly different issue. A bot doing that needs credentials to do
so (a username and password) and misuse of those credentials will lead
to them being revoked.
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg