There is a strong rough consensus in the email operations community that open
relays -- MTAs that accept mail from any source on the open Internet, when it is
directly destined to go back out to the Internet -- prevents providing
reasonable levels of message sender accountability.
That rough consensus has been in place for quite a few years.
sometimes rough consensus is wrong, particularly when it hasn't resulted
from informed, intelligent dialogue. another way to put it is that
sometimes rough consensus is indistinguishable from blind prejudice.
it's possible to have open relays that don't contribute to spam. but
those relays need to employ some other means, e.g. rate limiting, to
block spam. the goal of such relays is to make it at least as easy for
the spammer to simply contact the appropriate MXes for the destination
addresses as to use the relays. of course it is necessary for such
relays to record source IP addresses, etc., so that they are as
traceable to their origin as messages sent directly to MXes.
unfortunately, the vigilante character of various open-relay blacklists
killed any attempt at this kind of innovation. just as we're now in
danger of various kinds of brain-dead "authentication" methods and
meaningless requirements killing useful email functionality.
The fact that attackers are not trying to exploit a particular weakness right
now, although they used it heavily in the past, does not justify leaving the
weakness in place.
this much is certainly true.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf