On May 17, 2005, at 8:48 AM, Dennis Peterson wrote:

Bart Silverstrim said:

To me, that price is learning how to do it right. Price isn't always monetary.

I wouldn't argue with the idea of having to tell your provider that you
need your particular connection unfiltered and leave it unfiltered
because you're setting up the server.



What you are paying for is their trust that you are doing your part correctly.

I'm not sure of that...maybe that's your relationship with your provider, but I know what I was looking for when I bought access :-)


As an ISP my greatest investment aside from my hardware is my
IP. Anything that puts it at risk puts all at risk.

Your intellectual property? Or do you mean your address?

Policy describes I do
all I can to protect that investment so I set the rules. I don't have to
trust my average customers because I manage the resources.

And vice-versa. If you want to offload the responsibility and liability. I'm telling you there are people who don't want that, and if they're willing to shoulder the burden it should be shifted to them.


Second, as a business, businesses cater to market desires. If you don't want to do that then that's your business. You probably won't lose a huge number of people because of it but there are some that would leave if they couldn't find a solution that fits them. Most businesses understand that there's a balance...give customers what they want, and they will be your customers instead of your competitor's. Other businesses don't really care or don't want to serve that kind of market.

If you come to
me and ask me to loosen my rules I will do that but you have to invest in
my trust in you. By requiring you to have a higher liability I encourage
you to avoid activities that put your investment in jeopardy.

*shrug* fine with me. :-)

Imagine I am an ISP and you are a customer and you spam the world with
your own machine, drawing attention to my IP block. As is the norm, my IP
is blacklisted and I have to go to the blacklist vendors, hat in hand, to
explain that you, not I, did the dirty deed, and that I've pulled your
account. Personally I would probably find you and kick your ass, but
technically, I could have avoided the problem by requiring you to use my
SMTP server and my traffic policies.

Ahh...see...there are other things that can draw unwanted attention. And while using just your resources may be one way to prevent the problem, there are others as well, and it's not a guarantee that you'll be entirely protected still. There are trojans now spamming through the legit servers.


Blocking ports can have oddball side effects...secondary collateral damage. Not always significant, but non-blocking is one less thing to worry about.

And why must I trust you? Is there something else you're doing to the email that I don't know about? After all, you could be subpoenaed into handing over copies of my email to other people without my knowledge or permission. What if I want to have my email stored on my servers with my own resources instead? Unless you're covering something up, perhaps?

So if you're going to shoulder the burden of protecting me from my own stupidity to keep yourself looking better and off lists, what else are you going to block or monitor? I mean, RIAA surely must be knocking at your door if you have more than a hundred users out there. So you block those ports too? Monitor for any and all programs that can be used for file sharing? Mandatory website traffic blocking to prevent porn from hitting the end user?

Maybe you could require users to only run Linux or OS X, immune to most attacks and thus making your network better and safer? Or probe your customers' systems to see that they have the latest updates, and if not, cut off access at your router and have them redirected to a site that has the latest updates for Windows and not allow access until the updates are installed? There are some colleges that take that approach. I wouldn't want the liability of forcing a customer to update to the latest service pack and possibly having it keep them from booting or wiping some data, but hey, to each their own.

Now imagine you are one of 25,000
customers I have to deal with. Where do you think I'm going to put my
effort?

Serving the customer the service they want? :-)

If I don't want anything other than access, that's all I'm looking for. I don't want to pay for blocking, filtering, or storage space on your servers.

It can be argued that true spammers are so profitable they can afford to
throw away any reasonable fees I might impose.

Considering that they're A) using zombied Wintel crap to spam and/or B) using foreign soil systems to spam, I don't think that's the problem.


It is certainly true, but
what I advocate is not directed at them. I'm just trying to help keep the
99.9% honest people out there from screwing up my business because they
use a POS Windows system that even Bill Gates, Inc. can't keep clean.

Sure you're in the right business? :-) As a business, you often have to cater to the users. Forcing users to conform to you doesn't necessarily win you accolades. Maybe it's not a big issue for most people...but most people also don't know what the registry is either. For those that do know, they may not appreciate someone telling them that "we know better than you do what is needed to keep you safe".


I'm not against your goals, and for the everyday user, they're probably effective. I'm just saying it pays to cater to the power user once in a while.

I also said a nice compromise is blocking by default until you have a user that knows what they're doing request the block removed. If they know enough to ask about port 25 being unblocked, they probably are someone who would be willing to take some of that liability. Not always true, I know...but at least someone that can be worked with. If they have problems, cut 'em off. Part of the agreement.

But you're also right in that this is the ClamAV list, and while this is an interesting issue to discuss, some of the listmoms are probably getting riled up enough to start complaining soon :-)

Thanks to everyone who gave me some resources regarding Postfix blocking the German worm spam...

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
