Bryan Campbell wrote:
We as ISP administrators can force all smtp traffic through a gateway of
our choosing. We can scan mail as it heads outbound, through an
off-site smtp-mta mx proxy virus and spam scanning service (like
Postini), and even on the inbound mail delivery. We can shut down all
smtp traffic out of our ISPs that doesn't source to our outbound
relay. We can force all traffic to/from POP and IMAP servers off-site
to be forwarded through, or picked-up by our servers so that we can scan
the mail that comes in from mail servers off-site. The last and most
important step we can take is to move everyone to authenticated SSL
smtp. That will put the nail in the coffin for most of the smtp abuses
on our networks.

Just last weekend I used a hotel data network (STSN) that quietly
intercepts all outbound connections to port 25 and redirects them to
their own mail servers. Among other things, this breaks STARTTLS, which
to me is a serious privacy invasion.

This kind of egregious violence against end-to-end transparency makes my
blood boil. Enough to make me want to retaliate in the best way I know
how -- by helping design and widely deploy encrypted tunnels that will
make it simply impossible. (I redirected all my outbound mail over an
encrypted tunnel to one of my own servers.)

When we were fighting the crypto wars back in the 1990s, we thought the
government was our adversary. It still is a big threat, especially now.
But encryption may turn out to have an even more important use: the
defense of the Internet end-to-end model and the enforcement of
end-to-end transparency against ISPs, carriers and others who would
otherwise be tempted to discriminate on the basis of traffic content and
type.

The prospect of widespread encrypted tunneling making it impossible for
ISPs to selectively filter traffic even when everyone wants them to
(e.g., when the next Blaster hits) should give pause to any ISP thinking
of filtering, diverting or transparently proxying any traffic "because
they can", with the users unable to do anything about it.

Phil
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
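A check a mail user can run against their own server to notice the port-25 redirection described in the message above. This is an added example, not part of the original e-mail; the hostnames and sample sessions are constructed, and `parse_reply` and `check_session` are names chosen for this example.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(lines):
    """Return (code, [text, ...]) for one possibly multi-line SMTP reply."""
    code, texts = None, []
    for line in lines:
        m = REPLY.match(line.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the last line
            break
    return code, texts

def check_session(banner, ehlo, expected_host, expect_starttls=True):
    """Compare what answered on port 25 with what your own server should say."""
    findings = []
    code, text = parse_reply(banner)
    greeted_as = text[0].split()[0].lower() if text and text[0].split() else ""
    if code != "220" or greeted_as != expected_host.lower():
        findings.append("banner-mismatch")
    code, text = parse_reply(ehlo)
    # The first EHLO line is the greeting; the rest are extension keywords.
    extensions = {t.split()[0].upper() for t in text[1:] if t.split()}
    if code != "250":
        findings.append("ehlo-rejected")
    elif expect_starttls and "STARTTLS" not in extensions:
        findings.append("starttls-missing")
    return findings

# Constructed sample sessions (not captured traffic).
DIRECT = (["220 mail.example.org ESMTP\r\n"],
          ["250-mail.example.org\r\n", "250-SIZE 52428800\r\n",
           "250-STARTTLS\r\n", "250 8BITMIME\r\n"])
REDIRECTED = (["220 smtp-gw.hotel.example ESMTP\r\n"],
              ["250-smtp-gw.hotel.example\r\n", "250-SIZE 10485760\r\n",
               "250 8BITMIME\r\n"])

if __name__ == "__main__":
    for name, (banner, ehlo) in {"direct": DIRECT, "redirected": REDIRECTED}.items():
        print(name, check_session(banner, ehlo, "mail.example.org"))
```

A mismatch is an indicator rather than proof, since server pools can greet under different names; compare against a session recorded from a network you trust.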