|
That's a damn good solution. The ISP can block outbound spam
from dynamic connections which stops the trojaned machines and the junior
spammers. Your customer gets their mail to your server with no fuss. Well
done.
----- Original Message -----
Sent: Saturday, December 13, 2003 8:12
AM
Subject: Re: [Declude.JunkMail] Outbound
Port 25, was -> Virginia Indicts
This may be a crutch solution, but it is what we
have implemented, and our customers seem to like it.
I wrote a small
port redirection program that runs on the mail server. It listens on a
specific port number, and when it receives a connection, opens a connection on
the mail server on port 25, and acts as an "intermediary" between the two. Our
customers reconfigure their clients to connect on this port number other than
25, it skips around the various ISP's port 25 blocking, they get to use our
SMTP server, and noone is the wiser.
At 12:21 AM 12/13/2003, Matthew
Bramble wrote:
Dave Doherty wrote:
Matt, I went through a lot of the
same arguments with my StarPower
customers. Once they understand that
security and spam control requires that
they use StarPower's SMTP
service, they are very cooperative and happy to
make the adjustments.
We are fanatical about customer service, and I will
have a tech talk a
customer through the email setup, even if it takes
an
hour.
I think you are assuming too much
about your customers being happy under those arrangements. Maybe your
outbound SMTP server is problem free, but the ISP's that are implementing
such things are far from problem free in my experience, and I hate getting
calls about why someone's E-mail isn't reaching it's destination when we
aren't handling their outbound traffic. We also provide virus scanning
on outbound traffic, which such a configuration defeats.
I see this
approach in the same light as closing down the highways because people
speed. It punishes customers and providers that play by the rules,
whereas only a small number are sending spam or have computers that are
compromised to do so. Because I need direct access to my SMTP server
for monitoring, I absolutely have to have a provider that allows SMTP
traffic through. If the majority of ISP's played by the rules that you
do, SMTP would be broken for all practical purposes as far as I'm
concerned.
If you ask around, most here don't consider blocking on
DUL lists to be a wise thing to do, though using that in a weighting scheme
is a decent idea. It's pretty clear that even Scott is being blocked
by Road Runner's servers because of a poor implementation of a DUL list that
includes his IP space even though it is static and business-class.
Blocking outbound SMTP is even worse than blocking by DUL. I'm
sure that many around here have had similar issues with large ISP's that
improperly have tagged their IP space as being dynamic.
I know that
this practice negatively affects my business, and it's quite difficult to
explain to a non-technical customer why this is, and never once has one of
them been happy that their ISP has chosen to do so.
Maybe you
aren't aware of this affecting your business, but I, along with several of
my LAN integrator friends, would absolutely not recommend an ISP that blocks
outbound SMTP traffic because of the problems that it causes me, and the
perception that such an implementation is a lazy way of fighting spam.
And as far as my experience goes, none of the ISP's doing this that I have
encountered went about this in a fully responsible manner. They all
chose to make a change and then have me take the calls and do the diagnosis
and call them for verification instead of alerting their customers as to the
issues.
This also starts encroaching into the areas of censorship and
policing ones customers. Once you start getting involved with
disallowing SMTP, you remove legitimate objections to blocking file sharing
networks, and could even make yourself liable for such things. The
industry has taken a very purposeful approach to this by usurping as much
responsibility as possible. They don't want to become the Internet's
police force, and costly defenses of John Doe's by places like Yahoo and
Verizon were not intended to protect criminals, but instead to protect their
businesses from liability and burden. The RIAA has even gone after
universities for file sharing, and this implicates the universities as being
liable for the actions of their students. If you know anything about
public colleges, then you should know that they generally have a huge
aversion to any form of blocking because of the implications. After
one student at my old school got arrested for child porn, a friend of mine
who was the sys admin, removed all such groups from their news server,
figuring that it wouldn't make for good publicity if they found the guy got
it off of their own servers...well, when the guy's boss got wind of this, he
forced him to add all of the groups back in. The view here is that it
was a can of worms that they wanted nothing to do with as a proactive
measure, and their job was not to enforce either moral standards nor the law
itself.
Spam is of course a serious problem, and one of the problems
is that it causes ISP's to limit access to my servers by my own
clients. I assure you that I am not the only one that feels this way,
and it does affect your business, though maybe not measureably...it
certainly affects mine and I'm not the one blocking this
stuff.
Matt
---
[This E-mail was scanned for viruses by
Declude Virus (http://www.declude.com)]
---
This E-mail came from
the Declude.JunkMail mailing list. To
unsubscribe, just send an
E-mail to [EMAIL PROTECTED], and
type "unsubscribe
Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
|
