ietf-mxcomp

Re: MTAmark (was: Reality check please)

2004-06-11 10:28:43

On Thu, Jun 10, 2004 at 09:21:07PM -0700, Hallam-Baker, Phillip wrote:
> I am unable to support MTAMARK because the present proposal is
> incoherent. If I control an IP address I can block port 25, so why
> would anyone implement a Rube Goldberg scheme that allows me
> to say 'I should have blocked port 25 but did not'?

- We, as an ISP, sell Internet Access. Our contracts don't allow us
  to block ports as we wish and I am sure most other contracts of
  other ISPs don't either. Those who do will lose customers to ISPs
  that don't. (I know of ISPs that tried to block P2P networks,
  they no longer do, guess why).
- Filter lists have a large impact on the speed and manageability of
  routers. You don't want lists of 65000 entries and more for 65000
  hosts in all/most, not even in some of your routers.
- We shut off spammers (we had one, a dialin customer, back in 1995) and
  relaying hosts immediately as we notice them. This is according to our
  AUP and the German Law.
  However with MTAMARK and a default of MTA=no we and our customers could
  tell others that we don't think they should accept eMails from that IP
  address, so infected machines could not cause harm, like they do now,
  not even until we become aware and shut them off.
- Blocking port 25 will also cut off users that only run incoming SMTP
  servers for local networks that have roaming users that want to
  "phone home" and inject some authenticated emails.

As I and many others have said before, blocking ports at will is
not a solution for anything.

> Ask the ISPs to do something coherent such as using the reverse
> DNS to advertise contact addresses

MTAMARK suggests adding RP (Responsible Person) records along
with the MTAMARK records. RP records have been there since RFC 1183
(October 1990). I have never seen one in the wild except the ones
I have added myself.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"