Re: Outgoing SMTP Servers

2011-11-03 Thread Bill Stewart
On Mon, Oct 31, 2011 at 6:23 AM, Brian Johnson bjohn...@drtel.com wrote: For clarity it's really bad for ISPs to block ports other than 25 for the purposes of mail flow control... correct? Yes, correct. If you're using another mail submission port, you're connecting to a mail service that has

Re: Outgoing SMTP Servers

2011-11-01 Thread Carlos Martinez-Cagnazzo
The point to make here is: - if an ISP takes the path of blocking tcp/25, then they MUST communicate this appropriately to customers and other users - they also MUST provide alternatives: SMTP over SSL should be allowed (tcp/465), authenticated relay, but *something*. IMO blocking 25/tcp is a

RE: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Bill, Responses in-line... -Original Message- From: Bill Stewart [mailto:nonobvi...@gmail.com] Sent: Friday, October 28, 2011 6:22 PM To: nanog@nanog.org Cc: Brian Johnson Subject: Re: Outgoing SMTP Servers snip I've got a strong preference for ISPs to run a Block-25-by-default

Re: Outgoing SMTP Servers

2011-10-31 Thread Michael Thomas
Dave CROCKER wrote: On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP server at one end of a connection do filtering -- and it

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance is to outbound filtering is. I can think of a few possibilities: 1) cost of filtering 2) false positives 3) really _not_ wanting to know about abuse On the other hand, you have 1)

Re: Outgoing SMTP Servers

2011-10-31 Thread Robert Bonomi
On: Mon, 31 Oct 2011 09:48:21 -0700, Michael Thomas m...@mtcc.com opined: Dave CROCKER wrote: On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is

Re: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Sent from my iPad On Oct 31, 2011, at 1:30 PM, Jack Bates jba...@brightok.net wrote: On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance is to outbound filtering is. I can think of a few possibilities: 1) cost of filtering 2)

Re: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Sent from my iPad On Oct 31, 2011, at 4:17 PM, Robert Bonomi bon...@mail.r-bonomi.com snip There is an at-least-somewhat-valid argument against outbound filtering. to wit, various receiving systems may have different policies on what is/ is-not 'acceptable' traffic. They have a better

RE: Outgoing SMTP Servers

2011-10-31 Thread Keith Medcalf
Dave CROCKER [mailto:d...@dcrocker.net] said on Sunday, 30 October, 2011 22:41 On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 8:12 PM, Brian Johnson wrote: Sent from my iPad On Oct 31, 2011, at 1:30 PM, Jack Bates jba...@brightok.net wrote: On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance is to outbound filtering is. I can think of a few

Re: Outgoing SMTP Servers

2011-10-30 Thread Jay Ashworth
- Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. So I point out the tragedy of the commons, you agree with

Re: Outgoing SMTP Servers

2011-10-30 Thread Dave CROCKER
Bill, Your misunderstanding of physical pollution pollutes your understanding of spam. But it turns out that you seem to misunderstand spam quite a bit, independently. On 10/27/2011 9:26 PM, William Herrin wrote: If you throw pollution into the air, it may eventually impact me or it may

Re: Outgoing SMTP Servers

2011-10-30 Thread William Herrin
On Sun, Oct 30, 2011 at 3:17 PM, Dave CROCKER dcroc...@bbiw.net wrote: Your misunderstanding of physical pollution pollutes your understanding of spam.  But it turns out that you seem to misunderstand spam quite a bit, independently. Okay wise guy. Let's take another look at your version of

Re: Outgoing SMTP Servers

2011-10-30 Thread Brian Johnson
On Oct 30, 2011, at 2:19 PM, Dave CROCKER wrote: snip ridiculousness Email travels over shared resources. Spam consumes roughly %95 percent of that shared path (comm lines and servers). Receiving operators must devote masses of resources to filter that firehose of mostly junk, in order

Re: Outgoing SMTP Servers

2011-10-30 Thread Dave CROCKER
On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP server at one end of a connection do filtering -- and it is -- then why

RE: Outgoing SMTP Servers

2011-10-28 Thread McCall, Gabriel
going back to the merchant consortia of the middle ages. -Gabriel -Original Message- From: Pete Carah [mailto:p...@altadena.net] Sent: Thursday, October 27, 2011 9:29 PM To: nanog@nanog.org Subject: Re: Outgoing SMTP Servers Maybe he is concerned that the Wikipedia article gets into nit

Re: Outgoing SMTP Servers

2011-10-28 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 23:44:16 EDT, William Herrin said: For our purpose, describing the Internet as a commons fundamentally misunderstands its nature. You *do* realize that for all your nice The Internet Is Not A Commons ranting, the basic problem is that some people (we'll call them spammers)

RE: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
Comments in-line -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Friday, October 28, 2011 10:42 AM To: William Herrin Cc: nanog@nanog.org; Pete Carah Subject: Re: Outgoing SMTP Servers On Thu, 27 Oct 2011 23:44:16 EDT, William Herrin said

RE: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
...@delong.com] Sent: Friday, October 28, 2011 12:11 PM To: Brian Johnson Subject: Re: Outgoing SMTP Servers Nor is the data transiting these networks a commons. The air over my land is a commons. I don't control it. If I pollute it or if I don't, it promptly travels over someone else's land

Re: Outgoing SMTP Servers

2011-10-28 Thread William Herrin
On Fri, Oct 28, 2011 at 1:34 AM, Joel jaeggli joe...@bogus.com wrote: Email as facility is a public good whether it constitutes a commons or not... If wasn't you wouldn't bother putting up a server that would accept unsolicited incoming connections on behalf of yourself and others, doing so is

Re: Outgoing SMTP Servers

2011-10-28 Thread -Hammer-
Girls, You are all pretty. End the thread. Seriously. -Hammer- I was a normal American nerd -Jack Herer On 10/28/2011 01:59 PM, William Herrin wrote: On Fri, Oct 28, 2011 at 1:34 AM, Joel jaeggli joe...@bogus.com wrote: Email as facility is a public good whether it constitutes a

Re: Outgoing SMTP Servers

2011-10-28 Thread William Herrin
On Fri, Oct 28, 2011 at 11:41 AM, valdis.kletni...@vt.edu wrote: On Thu, 27 Oct 2011 23:44:16 EDT, William Herrin said: For our purpose, describing the Internet as a commons fundamentally misunderstands its nature. You *do* realize that for all your nice The Internet Is Not A Commons

Re: Outgoing SMTP Servers

2011-10-28 Thread Mike Jones
On 28 October 2011 16:41, valdis.kletni...@vt.edu wrote: You *do* realize that for all your nice The Internet Is Not A Commons ranting, the basic problem is that some people (we'll call them spammers) *do* think that (a) it's a commons (or at least the exact ownership of a given chunk is

Re: Outgoing SMTP Servers

2011-10-28 Thread Jay Ashworth
- Original Message - From: William Herrin b...@herrin.us Interesting. I want to abstract and restate what I think you just said and ask you to correct my understanding: Making a service accessible to the public via the Internet implicitly grants some basic permission to that public

Re: Outgoing SMTP Servers

2011-10-28 Thread Owen DeLong
: Owen DeLong [mailto:o...@delong.com] Sent: Friday, October 28, 2011 12:11 PM To: Brian Johnson Subject: Re: Outgoing SMTP Servers Nor is the data transiting these networks a commons. The air over my land is a commons. I don't control it. If I pollute it or if I don't, it promptly travels

Re: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
Sent from my iPad On Oct 28, 2011, at 2:56 PM, Owen DeLong o...@delong.com wrote: Sent from my iPhone On Oct 28, 2011, at 12:16, Brian Johnson bjohn...@drtel.com wrote: Owen, When you stretch an analogy this thin, it always falls apart. I was referring to the poison/pollution

Re: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
++1 - Brian Sent from my iPad On Oct 28, 2011, at 2:05 PM, Mike Jones m...@mikejones.in wrote: On 28 October 2011 16:41, valdis.kletni...@vt.edu wrote: You *do* realize that for all your nice The Internet Is Not A Commons ranting, the basic problem is that some people (we'll call them

Re: Outgoing SMTP Servers

2011-10-27 Thread Bjørn Mork
Mark Andrews ma...@isc.org writes: In message 4ea8a021.9000...@blakjak.net, Mark Foster writes: Why? It's a reasonable position; end users in the generic sense are sending to whatever their client has set up for SMTP, fire-and-forget. Again, I feel like folks are taking their relatively

Re: Outgoing SMTP Servers

2011-10-27 Thread Bjørn Mork
Owen DeLong o...@delong.com writes: On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: As much as some ISPs still resist blocking port 25 for residential customers, it does have a major impact on the volume of spam leaving your network. I've worked with numerous ISPs as they have gone through

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
- From: Owen DeLong [mailto:o...@delong.com] Sent: Wednesday, October 26, 2011 11:42 PM To: Scott Howard Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong o...@delong.com wrote: Interesting

Re: Outgoing SMTP Servers

2011-10-27 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody

Re: Outgoing SMTP Servers

2011-10-27 Thread Robert Bonomi
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
-Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Thursday, October 27, 2011 10:24 AM To: Brian Johnson Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
-Original Message- From: Robert Bonomi [mailto:bon...@mail.r-bonomi.com] Sent: Thursday, October 27, 2011 12:50 PM To: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 1:50 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote: On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: As a small regional provider, implementing a sane port 25 filter has saved us a lot of money and customer headaches over the years. It is interesting that

Re: Outgoing SMTP Servers

2011-10-27 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. So I point out the tragedy of the commons, you agree with it, but the Wikipedia reference that talks about the same exact thing isn't

Re: Outgoing SMTP Servers

2011-10-27 Thread Pete Carah
On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. So I point out the tragedy of the commons, you agree with it, but the Wikipedia

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 9:29 PM, Pete Carah p...@altadena.net wrote: On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. For our

Re: Outgoing SMTP Servers

2011-10-27 Thread Dave CROCKER
On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader: http://en.wikipedia.org/wiki/Commons As rule, the term gets applied to

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 11:59 PM, Dave CROCKER d...@dcrocker.net wrote: On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader:  

Re: Outgoing SMTP Servers

2011-10-27 Thread Joel jaeggli
Email as facility is a public good whether it constitutes a commons or not... If wasn't you wouldn't bother putting up a server that would accept unsolicited incoming connections on behalf of yourself and others, doing so is generically non-rival and non-excludable although not perfectly so in

Re: Outgoing SMTP Servers

2011-10-26 Thread Mike Jones
On 26 October 2011 05:44, Owen DeLong o...@delong.com wrote: Mike recommends a tactic that leads to idiot hotel admins doing bad things. You bet I'll criticize it for that. His mechanism breaks things anyway. I'll criticize it for that too. Just to clarify, I was merely pointing out a

Re: Outgoing SMTP Servers

2011-10-26 Thread Carlos Martinez-Cagnazzo
My point exactly, I am perfectly happy authenticating and relaying through either my MX at the office or with Google's SMTP server. But I just can't do that if SMTPoSSL ports are blocked by some lazy net admin. And I definitely hate it when I have to pay (in terms of delay and overhead) the price

Re: Outgoing SMTP Servers

2011-10-26 Thread Owen DeLong
In a perfect world we would all have as many static globally routed IP addresses as we want with nothing filtered, in the real world a residential ISP who gives their customers globally routable IPv4 addresses for each computer (ie. a CPE that supports multiple computers without NAT)

Re: Outgoing SMTP Servers

2011-10-26 Thread Leigh Porter
On 25 Oct 2011, at 09:34, Tim tim...@progressivemarketingnetwork.com wrote: This sadly is very common. It is getting more common by the day it seems but this practice has started almost a decade ago. An easy work around is to use a custom port as they seem to just block port 25 as a bad

Re: Outgoing SMTP Servers

2011-10-26 Thread Ray Soucy
We provide service to about 1,000 public schools and libraries in the state of Maine. For those users, we block SMTP (port 25 only) traffic unless it goes through our smarthost for incoming mail, and our mail-relay for outgoing mail. Otherwise we would be constantly ending up on blacklists, as

Re: Outgoing SMTP Servers

2011-10-26 Thread Henry Yen
On Wed, Oct 26, 2011 at 19:24:23PM -0600, Owen DeLong wrote: Firewalls are perfectly valid and I have no general objection to filtering packets based on the policy set by a site. What I object to is having someone I pay to move my packets tell me that they won't move some of those packets

Re: Outgoing SMTP Servers

2011-10-26 Thread Ricky Beam
On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell a.harrow...@gmail.com wrote: Why do they do that? You'd have to ask them. Or more accurately, you'd need to ask their system integrator -- I've never seen an in house network run like that. (and for the record, they were charging for

RE: Outgoing SMTP Servers

2011-10-26 Thread John van Oppen
[mailto:o...@delong.com] Sent: Monday, October 24, 2011 9:37 PM To: Dennis Burgess Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote: I am curious about what network operators are doing with outbound SMTP traffic. In the past few weeks we

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Andrews
In message op.v3y8xvo6tfh...@rbeam.xactional.com, Ricky Beam writes: On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell a.harrow...@gmail.com wrote: Why do they do that? You'd have to ask them. Or more accurately, you'd need to ask their system integrator -- I've never seen an in

Re: Outgoing SMTP Servers

2011-10-26 Thread Leigh Porter
On 26 Oct 2011, at 23:13, Mark Andrews ma...@isc.org wrote: In message op.v3y8xvo6tfh...@rbeam.xactional.com, Ricky Beam writes: On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell a.harrow...@gmail.com wrote: Why do they do that? You'd have to ask them. Or more accurately, you'd

RE: Outgoing SMTP Servers

2011-10-26 Thread up
On our retail footprint we block outbound traffic from customers with dynamic IPs towards port 25, our support tells them to use their ISP's port 587 server. That being said, since all of our home users have 50 mbit/sec or greater upload speeds we are pretty paranoid about the amount of

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Foster
On 27/10/11 11:11, Mark Andrews wrote: In message op.v3y8xvo6tfh...@rbeam.xactional.com, Ricky Beam writes: On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell a.harrow...@gmail.com wrote: Why do they do that? You'd have to ask them. Or more accurately, you'd need to ask their system

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Andrews
In message 4ea8a021.9000...@blakjak.net, Mark Foster writes: On 27/10/11 11:11, Mark Andrews wrote: In message op.v3y8xvo6tfh...@rbeam.xactional.com, Ricky Beam writes: On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell a.harrow...@gmail.com wrote: Why do they do that? You'd have

Re: Outgoing SMTP Servers

2011-10-26 Thread Jay Ashworth
- Original Message - From: Mark Andrews ma...@isc.org Now most people don't care about this but you shouldn't have to get a business grade service just to have secure email sessions and if you want to run a SMTP server to do that you are not changing the amount of traffic going over

Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:51 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote: Blocking port/25 is a common practice (!= best practice) for home users/consumers because it makes life a bit simpler in educating the end user. MAAWG have considered this a best practice for residential/dynamic

Re: Outgoing SMTP Servers

2011-10-26 Thread Jeff Kell
On 10/26/2011 10:57 PM, Scott Howard wrote: On Tue, Oct 25, 2011 at 2:51 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote: Blocking port/25 is a common practice (!= best practice) for home users/consumers because it makes life a bit simpler in educating the end user. And it's not just 25.

Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong o...@delong.com wrote: Interesting... Most people I know run the same policy on 25 and 587 these days... to-local-domain, no auth needed. relay, auth needed. auth required == TLS required. Anything else on either port seems not best practice

Re: Outgoing SMTP Servers

2011-10-26 Thread Owen DeLong
On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong o...@delong.com wrote: Interesting... Most people I know run the same policy on 25 and 587 these days... to-local-domain, no auth needed. relay, auth needed. auth required == TLS required.

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 12:29 AM, Dennis Burgess dmburg...@linktechs.net wrote: I am curious about what network operators are doing with outbound SMTP traffic.  In the past few weeks we have ran into over 10 providers, mostly local providers, which block outbound SMTP and require the users to

RE: Outgoing SMTP Servers

2011-10-25 Thread Tim
This sadly is very common. It is getting more common by the day it seems but this practice has started almost a decade ago. An easy work around is to use a custom port as they seem to just block port 25 as a bad port but leave just about everything else open including 2525 which seems to be a

Re: Outgoing SMTP Servers

2011-10-25 Thread Dave CROCKER
On 10/25/2011 8:13 AM, William Herrin wrote: Blocking outbound TCP SYN packets on port 25 from non-servers is considered a BEST PRACTICE ... The SMTP submission port (TCP 587) is authenticated and should generally not be blocked. Email Submission Operations: Access and Accountability

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 24, 2011, at 10:27 PM, Mikael Abrahamsson wrote: On Mon, 24 Oct 2011, Dennis Burgess wrote: I am curious about what network operators are doing with outbound SMTP traffic. Block all TCP/25 and require users to use submit with authentication on TCP/587. If they are using

Re: Outgoing SMTP Servers

2011-10-25 Thread Aftab Siddiqui
Blocking port/25 is a common practice (!= best practice) for home users/consumers because it makes life a bit simpler in educating the end user. ripe-409 gives some what glimpse of best-practice, not sure how many implements it that way. Regards, Aftab A. Siddiqui On Tue, Oct 25, 2011 at 2:35

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 24, 2011, at 11:13 PM, William Herrin wrote: On Tue, Oct 25, 2011 at 12:29 AM, Dennis Burgess dmburg...@linktechs.net wrote: I am curious about what network operators are doing with outbound SMTP traffic. In the past few weeks we have ran into over 10 providers, mostly local

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen Massar
On 2011-10-25 11:49 , Owen DeLong wrote: [..] With this combination, I have not encountered a hotel, airport lounge, or other poorly run environment from which I cannot send mail through my home server from my laptop/ipad/iphone/etc. Ever heard of this magical thing called a VPN? :) Indeed,

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: On 2011-10-25 11:49 , Owen DeLong wrote: [..] With this combination, I have not encountered a hotel, airport lounge, or other poorly run environment from which I cannot send mail through my home server from my laptop/ipad/iphone/etc. Ever

Re: Outgoing SMTP Servers

2011-10-25 Thread Valdis . Kletnieks
On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: If they are using someone else's mail server for outbound, how, exactly do you control whether or not they use AUTH in the process? 1) You don't even really *care* if they do or not, because... 2) if some other site is running with an

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen Massar
On 2011-10-25 12:20 , Owen DeLong wrote: On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: On 2011-10-25 11:49 , Owen DeLong wrote: [..] With this combination, I have not encountered a hotel, airport lounge, or other poorly run environment from which I cannot send mail through my home

Re: Outgoing SMTP Servers

2011-10-25 Thread Bjørn Mork
Owen DeLong o...@delong.com writes: It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:29 AM, valdis.kletni...@vt.edu wrote: On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: If they are using someone else's mail server for outbound, how, exactly do you control whether or not they use AUTH in the process? 1) You don't even really *care* if they do

Re: Outgoing SMTP Servers

2011-10-25 Thread Carlos Martinez-Cagnazzo
I'm curious how a traveller is supposed to get SMTP relay service when, well, travelling. I am not really sure if I want a VPN for sending a simple email. And I can understand (although I am not convinced that doing so is such a great idea) blocking 25/tcp outgoing, as most botnets will try that

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 4:15 AM, Jeroen Massar wrote: On 2011-10-25 12:20 , Owen DeLong wrote: On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: On 2011-10-25 11:49 , Owen DeLong wrote: [..] With this combination, I have not encountered a hotel, airport lounge, or other poorly run

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong o...@delong.com wrote: On Oct 24, 2011, at 11:13 PM, William Herrin wrote: Blocking outbound TCP SYN packets on port 25 from non-servers is considered a BEST PRACTICE to avoid being the source of snowshoe and botnet spam. Blocking it from legitimate

RE: Outgoing SMTP Servers

2011-10-25 Thread Dennis Burgess
I'm curious how a traveller is supposed to get SMTP relay service when, well, travelling. I am not really sure if I want a VPN for sending a simple email. And I can understand (although I am not convinced that doing so is such a great idea) blocking 25/tcp outgoing, as most botnets will

Re: Outgoing SMTP Servers

2011-10-25 Thread David E. Smith
On Tue, Oct 25, 2011 at 10:57, Dennis Burgess dmburg...@linktechs.net wrote: [dmb] This is the exact question, why, do you NEED a SMTP Relay on ANY network. Your domain has a mail server out on the net that if you authenticate to, I am sure will relay your mail, and the reverse DNS and SPF

Re: Outgoing SMTP Servers

2011-10-25 Thread Randy Bush
I'm curious how a traveller is supposed to get SMTP relay service when, well, travelling. I am not really sure if I want a VPN for sending a simple email. vpn i use openvpn when roaming, i am often on poorly protected wireless. i openvpn to home randy

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 8:46 AM, William Herrin wrote: On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong o...@delong.com wrote: On Oct 24, 2011, at 11:13 PM, William Herrin wrote: Blocking outbound TCP SYN packets on port 25 from non-servers is considered a BEST PRACTICE to avoid being the source of

RE: Outgoing SMTP Servers

2011-10-25 Thread Matt McBride
[mailto:o...@delong.com] Sent: Tuesday, October 25, 2011 10:56 AM To: William Herrin Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 25, 2011, at 8:46 AM, William Herrin wrote: On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong o...@delong.com wrote: On Oct 24, 2011, at 11:13 PM, William

Re: Outgoing SMTP Servers

2011-10-25 Thread Brian Dickson
Owen wrote: On Oct 25, 2011, at 3:29 AM, Valdis.Kletnieks at vt.edu wrote: On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: If they are using someone else's mail server for outbound, how, exactly do you control whether or not they use AUTH in the process? 1) You don't even really

Re: Outgoing SMTP Servers

2011-10-25 Thread Ricky Beam
On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong o...@delong.com wrote: Wouldn't the right place for that form of rejection to occur be at the mail server in question? In a perfect world, yes. When you find a perfect world, send us an invite. I reject lots of residential connections... The

Re: Outgoing SMTP Servers

2011-10-25 Thread Ricky Beam
On Tue, 25 Oct 2011 07:15:00 -0400, Jeroen Massar jer...@unfix.org wrote: On that iToy of yours it is just a flick of a switch, presto. Where flick of a switch is actually several steps... Settings - Network - VPN... there's your switch. Wait for it to connect Go back to mail, refresh...

Re: Outgoing SMTP Servers

2011-10-25 Thread Alex Harrowell
Ricky Beam jfb...@gmail.com wrote: Works perfectly even in networks where a VPN doesn't and the idiot hotel intercepts port 25 (not blocks, redirects to *their* server.) --Ricky Why do they do that? -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Bonomi
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Tue Oct 25 14:53:32 2011 Subject: Re: Outgoing SMTP Servers From: Alex Harrowell a.harrow...@gmail.com Date: Tue, 25 Oct 2011 20:52:46 +0100 To: Ricky Beam jfb...@gmail.com, Jeroen Massar jer...@unfix.org Cc: nanog@nanog.org Ricky

Re: Outgoing SMTP Servers

2011-10-25 Thread Mike Jones
On 25 October 2011 20:52, Alex Harrowell a.harrow...@gmail.com wrote: Ricky Beam jfb...@gmail.com wrote: Works perfectly even in networks where a VPN doesn't and the idiot hotel intercepts port 25 (not blocks, redirects to *their* server.) --Ricky Why do they do that? My home ISP run an

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
No no no no no. The problem with your theory below is that: 1. It is by far best for users to authenticate to send mail. 2. Your solution works only for unencrypted unauthenticated users that ignore the certificate presented by the mail server. Put another way, your mechanism rewards those

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 5:56 PM, Owen DeLong o...@delong.com wrote: Put another way, your mechanism rewards those doing the wrong thing while punishing those of us sending our email via encrypted and authenticated mechanisms. Owen, If you're doing the right thing, sending email via encrypted,

Re: Outgoing SMTP Servers

2011-10-25 Thread Douglas Otis
On 10/25/11 12:31 PM, Ricky Beam wrote: On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong o...@delong.com wrote: Wouldn't the right place for that form of rejection to occur be at the mail server in question? In a perfect world, yes. When you find a perfect world, send us an invite. I

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:16 PM, William Herrin wrote: On Tue, Oct 25, 2011 at 5:56 PM, Owen DeLong o...@delong.com wrote: Put another way, your mechanism rewards those doing the wrong thing while punishing those of us sending our email via encrypted and authenticated mechanisms. Owen, If

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen van Aart
Owen DeLong wrote: It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be blocked. From my

Re: Outgoing SMTP Servers

2011-10-25 Thread Blake Hudson
I didn't see anyone address this from the service provider abuse department perspective. I think larger ISP's got sick and tired of dealing with abuse reports or having their IP space blocked because of their own (infected) residential users sending out spam. The solution for them was to block

Re: Outgoing SMTP Servers

2011-10-25 Thread J
Blake Hudson wrote: If 587 becomes popular, spammers will move on and the same ISPs that blocked 25 will follow suit. I don't see this happening as easily. Authenticated means an easier shutdown of an account, rather than some form of port block/etc. A better solution would have been to

Re: Outgoing SMTP Servers

2011-10-25 Thread Blake Hudson
J wrote the following on 10/25/2011 9:25 PM: Blake Hudson wrote: If 587 becomes popular, spammers will move on and the same ISPs that blocked 25 will follow suit. I don't see this happening as easily. Authenticated means an easier shutdown of an account, rather than some form of port

Re: Outgoing SMTP Servers

2011-10-25 Thread Graham Beneke
On 25/10/2011 23:03, Mike Jones wrote: On 25 October 2011 20:52, Alex Harrowell a.harrow...@gmail.com wrote: Ricky Beam jfb...@gmail.com wrote: Works perfectly even in networks where a VPN doesn't and the idiot hotel intercepts port 25 (not blocks, redirects to *their* server.) --Ricky

Re: Outgoing SMTP Servers

2011-10-25 Thread Graham Beneke
On 26/10/2011 04:35, Blake Hudson wrote: An infected machine can just as easily send out mail on port 587 as it can using port 25. It's not hard for bot net herders to come up with a list of valid credentials stolen from email clients, via key loggers, or simply guessed through probability. I

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 8:15 PM, Owen DeLong o...@delong.com wrote: On Oct 25, 2011, at 3:16 PM, William Herrin wrote: If you're doing the right thing, sending email via encrypted, authenticated mechanisms, then you're doing it TCP ports 587 or 443. Where Mike's mechanism obstructs you not at

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 9:33 PM, William Herrin wrote: On Tue, Oct 25, 2011 at 8:15 PM, Owen DeLong o...@delong.com wrote: On Oct 25, 2011, at 3:16 PM, William Herrin wrote: If you're doing the right thing, sending email via encrypted, authenticated mechanisms, then you're doing it TCP ports 587

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Drake
On 10/25/2011 11:17 AM, Owen DeLong wrote: But that applies to port 25 also, so, I'm not understanding the difference. Other people running open port 587s tends to be quite self-correcting. At this point, so do open port 25s. The differences is in intentions from the user. All SMTP

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Drake
On 10/25/2011 10:19 PM, Blake Hudson wrote: I didn't see anyone address this from the service provider abuse department perspective. I think larger ISP's got sick and tired of dealing with abuse reports or having their IP space blocked because of their own (infected) residential users sending

Re: Outgoing SMTP Servers

2011-10-24 Thread Owen DeLong
On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote: I am curious about what network operators are doing with outbound SMTP traffic. In the past few weeks we have ran into over 10 providers, mostly local providers, which block outbound SMTP and require the users to go THROUGH their mail
