> ...
> they ARE concerned about spam, hackers, etc.  Unfortunately, a lot of them
> Get It Very Wrong, and do stuff like bounce SMTP 'MAIL FROM:<>', or Do The
> Wrong Thing with NTP traffic, etc etc.
> I have to conclude that there's a lot of sites that *do* care very much, but
> are lacking the technical expertise to use the tools.
> Remember: There's 4 million .coms.  There's not 4 million experienced sysadmins.

It's worse than that, as AOL is demonstrating with their port 25 redirecting.
If your skin doesn't crawl at the thought of a third party adding headers
to your SMTP messages, you need to take some time out to think about things.
There need be no significant implementation difference between adding
headers and making improvements to the body of an SMTP message.

Then there is the collateral damage.  I don't know if the AOL redirectors
store and forward, but if they do, think about what that does to SMTP AUTH
challenges and responses.   (yes, assuming that SMTP AUTH runs on port 25
or that AOL expands their redirecting to other ports).

If you haven't seen wierd effects from HTTP redirecting including clients
getting the wrong (i.e. old) pages, then you need to look around.

I think a bigger worry than a shortage of experience administrators is an
abundance of people who prefer the easiest, cheapest in the short term
solution instead of a long view, such as redirecting SMTP instead of
enforcing serious anti-spam terms of service.

Vernon Schryver    [EMAIL PROTECTED]

Reply via email to