spf-discuss

RE: Re: "extreme SPF" scenario for ISPs

2004-02-02 11:22:45
Alex van den Bogaerdt <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> writes:

BTW I do _not_ think an ISP is allowed to be this irresponsible. They
do have an obligation to "the net", the same net that allows them to
make money.

[Gustav Foseid]
They also have an obligation to transport the data you pay them to
transport. Sometimes that includes data to port 25 of a random machine
somewhere on the net.

Only if your TOS explicitly says so, and that is under your control.  The
majority of spam I receive is from compromised machines whose broadband
ISPs take your position, i.e. it is not their problem that a "few" of their
customers' compromised machines are wreaking havoc on the net.  Unless
things change, I may start blocking these ISPs entirely, even though it is
their customers, not the ISP itself, who are doing the damage.  The reason
for such blocking, with an appropriate 550 message, is that I believe it is
irresponsible for these ISPs to cost-shift the detection and blocking of
individual abusive dial-up machines within their netblock to the internet
community at large.

Nobody can make an ISP do anything, but if they don't do it on their own,
things are getting bad enough that they may find themselves on a private
network with few connections to the larger internet.  Put differently, it's
in the ISP's own self-interest to prevent clueless customers from inflicting
abuse on the rest of the internet, who will eventually start to refuse
traffic from you, including all legitimate traffic.


[Gustav Foseid]
I could easily find cases where blocking port 25 is a bad idea. One
such case is users that send e-mail from a domain with "-all" in their
SPF record, because they should always use their company's SMTP
server. Or you could imagine a company requiring use of their own SMTP
server because it inserts a disclaimer or does required logging.
(These servers would, of course, have to be authenticated SMTP
servers.)

If an ISP argues that such traffic should not be blocked, even from
private customers, I would say that I agree with them.

I think your point of view has a lot of philosophical merit, but
unfortunately, it applies more to the internet of 15 years ago than today.
For the same reasons that operating an open relay is no longer acceptable,
it is equally unreasonable to allow the majority of users outgoing port 25
access to the whole internet.

Most users do not need to run their own mail servers and are not capable of
configuring one securely.  They are not even capable of securing their own
operating systems against abuse, let alone a mailserver.  Because of the
internet we have today, port 25 blocking is unfortunately appropriate for
the majority of customers, as is rate-limiting and, many would argue,
outbound virus detection.  If you have a customer who needs to run their own
mailserver, go ahead and give them unfettered access to the net.  If they
prove inept and abuse the net, pull the plug and politely explain why.  I
have less and less sympathy with ISPs who feel it is their God-given right
to grant full net access to their customers who are incapable of using it
responsibly and making the rest of the internet pay to mitigate the effects
of their abuse.  If that model were to persist, we would have to start
charging senders for the reception of email.  That would be akin to killing
the goose that laid the golden egg.  The solution is simply a TOS that is
appropriate for the computing world that we live in, which you then enforce
by technical and administrative means.

--
Seth Goodman

off-list replies to sethg [at] GoodmanAssociates [dot] com
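The policy Seth argues for above (block outbound TCP/25 from the customer pool, always permit authenticated submission on 587/465, exempt customers who have asked to run a real mail server, rate-limit even those, and revoke the exemption when they abuse it) is easy to state but worth seeing as an explicit decision procedure. The following is an added example written for this page; it is not code from the original post, from Seth Goodman, or from the SPF project. The addresses (a 10.0.0.0/8 customer pool, a smarthost at 192.0.2.25, an exempted customer at 10.7.7.7) and the sample connection attempts are constructed for illustration.

```python
"""Outbound SMTP egress policy for an ISP access network (illustrative).

Decision order for a customer's outbound TCP connection:
  1. Non-customer sources are out of scope.
  2. Submission ports (587/465) are always accepted, so users of a
     "-all" domain can still reach their company's authenticated relay.
  3. Anything that is not port 25 is not our concern here.
  4. Port 25 to the ISP's own smarthost is accepted.
  5. Port 25 elsewhere is rejected unless the source is exempted.
  6. Exempted sources are still rate-limited (sliding window).
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for this example, not from the post).
CUSTOMER_POOLS = [ip_network("10.0.0.0/8")]        # dynamic customer pool
ISP_SMARTHOSTS = {ip_address("192.0.2.25")}         # ISP's own outbound relay
EXEMPT_HOSTS = {ip_address("10.7.7.7")}             # customer running a real MTA
SUBMISSION_PORTS = {587, 465}                       # authenticated submission


class SmtpEgressPolicy:
    def __init__(self, pools, smarthosts, exempt, max_conns=20, window=60.0):
        self.pools = list(pools)
        self.smarthosts = set(smarthosts)
        self.exempt = set(exempt)
        self.max_conns = max_conns          # port-25 connects allowed per window
        self.window = window                # window length in seconds
        self._attempts = defaultdict(deque)  # src -> timestamps of port-25 connects

    def _is_customer(self, src):
        return any(src in pool for pool in self.pools)

    def _over_rate(self, src, now):
        """Record one attempt and report whether the sliding window is exceeded."""
        q = self._attempts[src]
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)
        return len(q) > self.max_conns

    def revoke_exemption(self, src):
        """'Pull the plug': the customer goes back to the default-deny pool."""
        self.exempt.discard(ip_address(src))

    def decide(self, src, dst, dport, now):
        """Return (verdict, reason) for a connection attempt at time `now`."""
        src, dst = ip_address(src), ip_address(dst)
        if not self._is_customer(src):
            return ("ACCEPT", "not a customer address; out of scope")
        if dport in SUBMISSION_PORTS:
            return ("ACCEPT", "authenticated submission port")
        if dport != 25:
            return ("ACCEPT", "not SMTP relay traffic")
        if dst in self.smarthosts:
            return ("ACCEPT", "ISP smarthost")
        if src not in self.exempt:
            return ("REJECT", "outbound 25 blocked for pool; use 587 or request exemption")
        if self._over_rate(src, now):
            return ("DROP", f"rate limit exceeded: >{self.max_conns} in {self.window:.0f}s")
        return ("ACCEPT", "exempted mail server")


def run_sample():
    """Constructed connection attempts; returns the list of verdicts."""
    policy = SmtpEgressPolicy(CUSTOMER_POOLS, ISP_SMARTHOSTS, EXEMPT_HOSTS,
                              max_conns=5, window=60.0)
    verdicts = []
    verdicts.append(policy.decide("10.1.2.3", "198.51.100.10", 25, 0.0)[0])   # REJECT
    verdicts.append(policy.decide("10.1.2.3", "198.51.100.10", 587, 0.0)[0])  # ACCEPT
    verdicts.append(policy.decide("10.1.2.3", "192.0.2.25", 25, 0.0)[0])      # ACCEPT
    verdicts.append(policy.decide("203.0.113.5", "198.51.100.10", 25, 0.0)[0])  # ACCEPT
    # Exempted MTA: five connects in a minute are fine, the sixth is dropped.
    burst = [policy.decide("10.7.7.7", "198.51.100.10", 25, float(t))[0]
             for t in range(6)]
    verdicts.append(burst[-2])                                                 # ACCEPT
    verdicts.append(burst[-1])                                                 # DROP
    verdicts.append(policy.decide("10.7.7.7", "198.51.100.10", 25, 120.0)[0])  # ACCEPT
    policy.revoke_exemption("10.7.7.7")
    verdicts.append(policy.decide("10.7.7.7", "198.51.100.10", 25, 121.0)[0])  # REJECT
    return verdicts


if __name__ == "__main__":
    for v in run_sample():
        print(v)
```

The ordering matters: submission ports are checked before the customer/exemption logic so that the authenticated-relay case Gustav raises is never caught by the port-25 block, and rate limiting applies only to exempted hosts, since the pool is already denied direct port 25 and reaches the net only through the smarthost, where the ISP can log and throttle centrally.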

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/