Not to start a political discussion, and I am all in favor of "Internet
Liberty" but some things have to be handled somehow by somebody, because
there are limited socially acceptable ways of handling abusers. Some years
ago with by today's standards, very few sites on the Internet everybody was
a peer and a "master site".
Today nearly everybody is responsible to someone "up above" (provider, not
God) and you have to obey their policy or find another provider. So it is
SPF, port blocking or something else.
As an ISP, I can't give my customer any more "liberty" than I get, and I
have to protect the "privileges" I and my other customers have now.
Cary Fitch
----- Original Message -----
From: "Nico Kadel-Garcia" <nkadel(_at_)merl(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, April 19, 2004 2:20 PM
Subject: Re: [spf-discuss] first spf-enabled spam
----- Original Message -----
From: "David Brodbeck" <gull(_at_)gull(_dot_)us>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, April 19, 2004 12:06 PM
Subject: Re: [spf-discuss] first spf-enabled spam
Technically, you're quite correct. Politically and socially, it's a
serious
problem. This is a *BIG* issue among my "Internet libertarian"
friends. They
absolutely do not want their ISP's interfering in any way with their
home
connectivity
I'm not really an "internet libertarian", but I'm against arbitrary port
blocking because it breaks things randomly. I've already had the
experience of trying to set up a custom service on a high-numbered port
and having to play "minesweeper" with my users, trying to find a port
number that no one's ISP was blocking outbound connections to.
That *is* a problem. The ISP's doing the port blocking should definitely
publish the blocked ports, but also you should yourself look up the ports
before trying to grab them in order to verify that your clients and their
customers are not already using the port for something else: that's a
pretty
basic requirement of grabbing a static high-numbered port.
And since the ISP's, to the best of my knowledge, are blocking only the
ports used by specific service attacks, I think you'd avoid this anyway,
unless the script kiddes themselves grab arbitrary ports and flood them
with
their s00pEr s3cr3t IRC channels....
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200403.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com