----- Original Message ----- From: "Michael W.Cocke" > On Sat, 1 May 2004 16:02:30 +0200, you wrote: > John Fawcett wrote: > >Can you give an example of an ISP in this situation? > > Believe it or not, AT&T business DSL doesn't offer mail services (or > DNS service) unless you spring for the 5 IP address plan - which costs > $50.00 per month more than the single IP plan that I use. I would > have to use their webmail system if I wanted to use their mail server. > Not going to happen. > I doubt that they expect the users to choose to run mail servers in these circumstances.
Things could get worse. They could, as other ISPs have done, block port 25 outbound, inbound or both, if they really wanted to push people to choosing a different solution. > >In reality it isn't as stupid as it appears to you. Dynamic IPs change > >"ownership" every time a new connection is made. There is an issue of > >responsability. If spam arises from a dynamic ip how do you find out > >who sent it? Not all ISPs keep or are interested in looking up > >logs of dynamic ip assignments to progress spam reports. Not > >accepting mail from dynamic ranges is remarkably effective at > >stopping spam amongst other things. > > I agree that the dynamic IP issue is sticky - but that's what content > filters are for, IMHO. No one in their right mind is going to pump > 5000 emails out on a dialup line. Cable modems... hmmmm... I don't > have a good answer. > There are apparently still many uses for dialup lines by spammers. They can offload small message volumes onto hijacked open proxies, open relays or trojaned machines and then let these machines do the address expansion and bandwidth intensive work. Also spammers may use dual homed situations of a dialup line and broadband in conjunction. I can't remember how that works exactly, but the idea is that if they get kicked for spamming, they just lose the dialup account since the mail appears to come from there, whereas in reality they have been pumping it across a broadband connection. Blocking dynamic ip ranges is effective in these cases. I see spam coming from dynamic ips, else I wouldn't block them. There is no point in passing it to a content filter if I'm already convinced it is spam. The resource intensive content filtering can be kept for less obvious analysis. However, content filters may also mark messages from dynamic ips as spam. If someone was trying to send me mail and was being blocked by a dnsrbl list I was using, I would whitelist them since the purpose of the lists is to keep out spam not legitimate email. Problem: in the case of a dynamic ip what ip do I whitelist? John
