On 2010-02-10 16:49, Chris Wilson wrote:
Agree, that is possible. But rating spam is done at the receivers site. Even if your email server's IP is as clean as a whistle you still find another email server classifying your email as spam. There is not a single solution and in most of the cases SPF doesn't work very well. If you look deep down in a antispam software's configuration, if a SPF record does not exist it will be rated with 0 or has only a slightly negative impact. So it affects mostly that user who owns a domain, the hosting provider has configured a SPF record correctly, but then a random ISP forces the user to relay through his email server. The average user won't be aware of changing domain dns settings in this situation. I assumed the latter, since Kyle's email address is with a private domain, not yahoo etc.Hi Rocco, On Wed, 10 Feb 2010, IT-Doc24 Ltd. - Rocco Radisch wrote: I am not recommending to drop SPF. Its one of the many approaches to fight against spam. I am separating what is the task of the ISP (providing internet services -> connectivity) and what is the task of a internet/email hosting provider or an email server administrator. Blocked smtp ports (25) is new to me, only occurred in Uganda yet. Again, port 25 can be used for mail submission. It was redefined in the IETF but look at the exact phrase:An ISP that allows port 587 out, but not port 25, allows their clients to send mail to submission servers (e.g. their employer) but not to the general population. Submission often requires authentication and is not part of the normal mail delivery system (MX records). When conforming to this document, message submission uses the protocol specified here, normally over port 587.http://tools.ietf.org/html/rfc4409 Due to compatibility most email providers allow mail submission on port 25. I personally don't know anyone who blocks email submission on port 25 as a email provider and yet most of the email clients are using that port for email submission in the standard configuration! Only Outlook 2007 implemented now an auto detection for the mail submission port. The LUG lists actually sends the message from the list's server and changes the email sender address to the [email protected]. Very friendly for the anti-spam software, thumb up. So what you are saying is not entirely true. You can list all your outgoing email servers easily. There are different ways to do it. Not only per IP, also per MX records, subnets and combined with all of them etc. Being forced to change this settings due to a port blocking of the ISP makes SPF administration a hustle and therefore minimises the value of the SPF.The only thing it's useful for in general is for declaring that your domain never sends email, unless you control all of your outbound mail servers. In this case you would not; also if you use a blackberry or an ISP that blocks port 25 outbound you do not. This is a limitation of SPF, not the fault of the ISP. That was the meaning of the question. No average email users would know how to set the SPF. That is task of the hosting provider, respectively the domain's dns admin. Yes I know that most of them do not use open relays any more. I wanted to emphasize that that is/was the real spam distributor. Authenticated via IP? You mean in terms of, if you are a customer of that ISP you can automatically use the email servers as relay without any authentication? What if you are connected through a public place using the ISPs network. You still cannot identify the spammer. Also, Trojans use this hole to distribute spam, assuming certain ISP provider settings. Intercepting the users smtp credentials is a bit more difficult, but also not impossible for a virus installed on the users machine. So what can you really do as an ISP? It always comes down to the receiver. I cannot control the customer's email service provider. What if the provider only offers port 25? I only helped the customer reconfiguring their mail client to meet the ISPs and their email service providers configuration. Agree. Wanted to show that the approach of blocking smtp port 25 didn't help a lot looking at the sample dynamic IPs, so what is the point? An ISPs task is to give data connectivity. You misunderstood. I even receive spams (rated as spam) from myself, how is that possible? Also mentioned on the LUG list before. Look into the email header, the actual IP of the sender's email server won't match the same IPs Facebook's email servers are using. This is just a trick to manipulate users and make them click on various links, which also look genuine. If you open thee email body (code) of the email, those links for changing the password always go to another randomly created temporarily site. There are some antispam softwares capable of detecting and rating this as a pishing attack. Some antispam softwares also detect certain reoccurring IPs and senders and put them on a temporary blacklist. Or they delay the sender on purpose, closing the connection and inform them to come back later. According to the IETF every email server has to retry within 24 hours. Most of the spam servers or spam clients do not try to send again. This technique is called greylisting and sorts out already up to 60-70% of all spams. If you are unsatisfied with your current email service provider you can always look around and learn otherwise. I was looking at the angle of an ISP. Nobody said anything about banning firewalls. Its an audacity to pay for a internet connection only working half because of restrictions. Its like leasing a car but you are only allowed to turn right on certain streets. :-) And I am not accusing any particular ISP, just in principal. There were times when the www started where the connection was for free. Again, spam rating happens on the other end. If you have issues with your current provider or an insufficient anti-spam solution you can always look for various hosting providers keeping a focus on decent anti-spam services. If you are using yahoo and other public providers, nothing to complain about since it is for free.Although I support freedom of speech, I wish ISPs could be forced to declare which of their IP ranges belong to dynamic customers so that I can block them. Failing that, I wish they would block outbound port 25 completely. Spam makes email useless. That's not freedom of speech, it's drowning out the useful speech, so better spam filtering means more freedom. Maybe Kyle didn't know that his MSA supports port 587, then the discussion wouldn't have started at all. But that is still not the point in this discussion, it was about blocking port 25. It is a delicate subject due to the lack of preventions against spam. My point is why do ISPs block traffic.Its not my intention to start such a discussion now, the net is already full of these: http://torrentfreak.com/search/isp+blockingDitto, but I couldn't help replying at the risk of starting a flame war that I don't intend to participate in. Who said we can't do this in Uganda? Maybe we offer port 25 services for all UTL/MTN/Orange & co clients. For x amount $ per month. It is complicating things, but doesn't make them impossible. I am sure those remote connectivity providers had to fight first in court until the ISP realised that would be another market. Technology develops, more bandwidth is available, but to change now how they started is too complicated for a big mobile ISP like Vodafone. They rather recommend another provider who has build a solution or a workaround.How does that square with your comment above that "the whole port blocking idea of ISPs actually violates the freedom of internet usage and doesn't really make sense either." Its enough to have lets say a 1 Mbit line on your headquarters office with remote/incoming traffic enabled. That has nothing to do with a persistent connection going over a middle server in order to workaround incoming traffic restrictions on provider site. Again, an ISPs main task is to provide layer one. I do understand the need for big corporates to outsource deployments of VPNs and that the next ideal partner would be there corporate ISP. But yet there is no other option in Uganda and people are miss-informed about the possibilities. Cheers, Chris. |
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
