Hi Rocco The day you will own or work at an ISP that's when you will appreciate what ISP's go through everyday, war with spammers is like war against terror just that no death is involved "well some kill for spam heard of businesses looking for admins" How would you feel when your ISP's IP block is "blacklisted because one customer got a mass mailing worm/trojan and you can't connect to any "normal server" And many ISP's would love to be off this list
http://www.spamhaus.org/statistics/networks.lasso When it comes to spam I hate it and all ISPs that do block port 25 for users with no mailers on their networks I give them 5-star as in * * * * * Those who don't you make me hate mother earth and as long as you are in Uganda it will be like this because we sahll never be on this list http://www.spamhaus.org/statistics/countries.lasso But am with you on torrents, am a p2p guy 2 and my ISP doesn't block it ;-) "The majority of the world's service providers succeed in keeping spammers off their networks and work to maintain a positive anti-spam reputation, but their work is undermined daily by the few networks who, out of corporate greed or mismanagement, choose to be part of the problem." On Wed, Feb 10, 2010 at 4:49 PM, Chris Wilson <[email protected]<chris%[email protected]> > wrote: > Hi Rocco, > > On Wed, 10 Feb 2010, IT-Doc24 Ltd. - Rocco Radisch wrote: > > > Same here. I do not understand the issue of port 25 in conjunction with > > spamming! > > An ISP that allows port 25 out of their network, allows their clients to > indiscriminately spam the world. > > An ISP that allows port 587 out, but not port 25, allows their clients to > send mail to submission servers (e.g. their employer) but not to the > general population. Submission often requires authentication and is not > part of the normal mail delivery system (MX records). > > > If the ISP forces the user to use their email servers for email delivery: > > a) causes confusion and breaks the idea behind SPF. According to the > > sender policy framework you will have to add the ISPs email server in the > > DNS domain settings (spf record) as Reinier has mentioned. Or you leave > > out the SPF record completely, then there would be no point of having the > > SPF. > > Forwarding and mailing lists already break SPF. The only thing it's useful > for in general is for declaring that your domain never sends email, unless > you control all of your outbound mail servers. In this case you would not; > also if you use a blackberry or an ISP that blocks port 25 outbound you do > not. This is a limitation of SPF, not the fault of the ISP. > > > Anyway, which average email user knows all that? > > Anyway, which average email user writes SPF records? > > > b) If the ISP's email server relays without smtp authentication THAT is > > the actual evildoer. Giving spammers a free gateway to send emails > > without any identification. > > Very few ISPs allow open relaying as they would be blacklisted by > everybody by now. Most authenticate by IP address which is a start. > Authenticating by username makes life3 more difficult for your users, so > is often not implemented. I agree that it would be better, but most ISPs > don't do it, so it's hard to argue that it's evil not to. > > > c) Every time the user changes the ISP/network he has to change the > > settings or maintain two smtp server profiles. I.e. one uses UTL at home > > and at work MTN or Orange. Each ISP forces to use his own email server. > > Congratulations. Good thing we still have port 587 and 465 for SSL. I had > > a number of people working at different locations with a laptop facing > > this exact challenge. > > Then stick to a single mail server that accepts email on port 587 with > authentication and relays to everywhere. Job done. This is what most > people do. > > > c) Most of the spam comes anyway from dynamic IP addresses of an ISP's IP > > pool. In that way its even easier to distinguish the sender for the > > antispam software. Like: > > > > pool-71-108-40-184.lsanca.dsl-w.verizon.net > > 551-1-60-93.w86-192.abo.wanadoo.fr > > 213-168-8-183-dsl.est.estpak.ee > > Yes, these are not hard to block with Exim and then Spamhaus RBL, but a > lot of spam comes from free email providers like google, yahoo and > hotmail too, and that is hard to block. > > > Or did you ever receive a Facebook pishing attack from a Facebook server? > > Very unlikely, more likely you got it from estpak.ee or similar. > > I got my first Google Docs spam today, and I've received a lot of spam > from people signing me up to Google Newsgroups without my permission or > confirmation for the express purpose of spamming me. > > > Plus, the whole port blocking idea of ISPs actually violates the freedom > > of internet usage and doesn't really make sense either. > > Perhaps we should ban firewalls then? > > Although I support freedom of speech, I wish ISPs could be forced to > declare which of their IP ranges belong to dynamic customers so that I can > block them. Failing that, I wish they would block outbound port 25 > completely. Spam makes email useless. That's not freedom of speech, it's > drowning out the useful speech, so better spam filtering means more > freedom. > > > Its not my intention to start such a discussion now, the net is already > > full of these: http://torrentfreak.com/search/isp+blocking > > Ditto, but I couldn't help replying at the risk of starting a flame war > that I don't intend to participate in. > > > Or like Kyle did, using a random port. The port-service associations are > > recommendations, nobody said we have to stick to them. The internet is > > the world wide wild west. > > It doesn't have to be random. Port 587 was allocated for exactly this > purpose. > > > Where there is a restriction you create a market. > > How does that square with your comment above that "the whole port blocking > idea of ISPs actually violates the freedom of internet usage and doesn't > really make sense either." > > > Which raises another question, why do ISPs offer site-to-site > > connectivity for that kind of money here in Uganda? Calling it a > > corporate network data plan or similar, charging each remote site big > > sums per month? > > It's easier for companies to work this way, and there's no guarantee that > the persistent connection trick will continue to work, which means they > could wake up to a nasty surprise one day. Some companies prefer peace of > mind (like insurance) and pick the expensive but guaranteed VPN option. > > Cheers, Chris. > -- > Aptivate | http://www.aptivate.org | Phone: +44 1223 760887 > The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES > > Aptivate is a not-for-profit company registered in England and Wales > with company number 04980791. > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- > >
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
