We are an ISP of about 60,000 customers, and in the past our systems were setup to allow networks from mynetworks (a large number of IPs) as well as a lookup table that allows users who have previously popped the server to relay mail. We recently added SMTP Auth capability, and are seriously considering moving solely to SMTP Auth for access to our outbound mail system. Our reasoning is that compromised computers on our allowed networks are free to send all the spam they want and we really don't have a good way to track what users are sending the spam. We do have outbound email filtering, so the spam doesn't leave the network. Another reason for wanting to drop mynetworks and pop before smtp is simplification of our systems. Keeping up with the IPs in mynetworks is a hassle, and the pop before smtp seems redundant when you think these customers could be authenticating with SMTP Auth. The best feature of SMTP Auth in our opinion is that it leaves an audit trail of who is sending email, in what quantity, and where they are connecting from, which allows us to track spammers more effectively.
To summarize, we think SMTP Auth is the simplest and most useful way to allow people to send mail through our outbound mail system, and we are hoping to get some feedback from the community regarding this perspective. Thanks.
