On November 21, 2003 at 10:20, Dan Kegel wrote: > > Some would argue that spam exists precisely because running a mail > > server is so economical. Perhaps it should be more expensive. > > > > Small ISPs and organizations can relay mail via their DSL provider's > > servers, just like individuals do. Larger organizations can pay for a > > real Internet connection. I see no problem. > > I'm with Pat on this. As someone who's had occasion to > worry about security since 1992 or so, I fully support > the idea that ISPs should by default block outgoing SMTP > from customers by default (and encourage customers to > use the ISP's SMTP relay).
Then you start getting into some potentially political and legal problems. I.e. What is the nature of the service? Typically, your service provides a Net connection allow TCP/IP traffic with a notice that you would not abuse the service. Now, you advocate that blocking specific protocols are okay, but that is not what many people sign up for. Such logic backs ISPs that start blocking other traffic (like IPSec) to force customers to purchase more expensive service agreements (which I believe some ISPs have done). With that said, blocking SMTP may be good policy, BUT ISPs must clearly indicate this behavior to customers and make sure it is mentioned in the service agreement. Also, such policy will probably only be enforced on home users. Those that choose to pay for better services will be exempt of such rules; ISPs want more money and they are happy if there servers receive less of a load. Remember, ISPs are in business to make money, and they play both sides of the field on the spam debate. For example, spammers use a lot of bandwidth, and the ISPs get money for such usage. BTW, does anyone have stats on the number of spam messages that come from dynamic address ranges? Especially U.S.? It seems to me that much spam is relayed through foreign countries. Also, how do you know a range is dynamic? Whois database does not formalize such information, and such policies can change at any time for whomever owns a specific range. > The situation now is terrible, and somewhat analogous > to how operating systems used to ship with all services > on by default. It was a big improvement when OS's > started shipping with services off by default, and > doing the same thing with outbound SMTP at ISPs would > bring a similar improvement. As I noted in a previous message, it will not stop spam. Spammers that use worms to infest other systems, will just adjust tactics by using the outgoing SMTP server settings to send out spam. Someone suggested that ISPs may filter outgoing mail, but personally, I find this worrisome on privacy grounds, and technically, it doubles the load of ISPs. Plus, for it to work, ISPs will eventually have to notify their customers when they detect questionable out-bound mail, which will raise a political firestorm about privacy and PR problems for ISPs. If you really want to defeat spam, educate the idiots that actually respond to spam messages to stop responding. --ewh _______________________________________________ Gossip mailing list [EMAIL PROTECTED] http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip
