Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight
On Mon, 13 Feb 2017 22:18:49 +0100 peter hwrote: > There is not any req that all customers always should be forced to use > ISP relays, the default behaviour might be to use ISP relays, and > to have DHCP given address. But for an extra service one could > obtain a fixed address, and as extra service, use port 25. The main > point is to have those "unaware" users, whos computers might be > stolen, prevented. They won't notice, and they don't get harmed. > there used to be free (and reasonably well maintained) open lists of dynamic IPv4 ranges. Since everyone started selling (or renting) data, getting a free (and maintained) list of dynamic ranges, is difficult, if not impossible - anyone know of any such free list? > Spam from a fixed ip or range is much easier to detact and correct > then spam from any box that happens to get an DHCP lease. > Flexibility and service is the keyword here. > in a perfect world only email servers would be sending email. In our world someone's Android phone could also be an email server & client and some "ISP" loves using dynamic ranges as excuse for poorly maintained or non responsive abuse systems (or policy enforcement) > Also, to have a AUP that gives the ISP right to disconnect or block > offenders is importent, and also that the customer has right to > service. Any aggreement is twofold, both rights and obligations, like > in society in general. > > I'm glad that spam is recignised as the problem it is and hope a > renewed activity to claim back the bandwitdh and storage space the > spammer has taken from us. > > Yours > >
Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight
On Monday 13 February 2017 18.09, Richard Clayton wrote: > In message <201702131743.10508.pe...@hk.ipsec.se>, peter h >writes > > >The very simplest thing to do is make sure any outbound smtp is relaye > >through > >the ISP's > >mailrelays, where spam could be detected and subsequently blocked. > > this is very unpopular with legitimate businesses who wish to be fully > in control of their email sending destiny -- and ISPs generally do not > wish to discourage the people who cause no trouble and pay their bills > regularly and on time > > so although "port 25 blocking" is a M3AAWG Best Practice it has not been > widely adopted with the main (but not only) exception being the large > consumer ISPs in the US (ISPs in Europe have, for historical reasons, > had a significant number of business customers mixed in with pure > consumers and that has made the difference) There is not any req that all customers always should be forced to use ISP relays, the default behaviour might be to use ISP relays, and to have DHCP given address. But for an extra service one could obtain a fixed address, and as extra service, use port 25. The main point is to have those "unaware" users, whos computers might be stolen, prevented. They won't notice, and they don't get harmed. Spam from a fixed ip or range is much easier to detact and correct then spam from any box that happens to get an DHCP lease. Flexibility and service is the keyword here. Also, to have a AUP that gives the ISP right to disconnect or block offenders is importent, and also that the customer has right to service. Any aggreement is twofold, both rights and obligations, like in society in general. I'm glad that spam is recignised as the problem it is and hope a renewed activity to claim back the bandwitdh and storage space the spammer has taken from us. Yours -- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight
On Mon, Feb 13, 2017 at 05:43:09PM +0100, peter h wrote: The role for an ISP in fighting abuse is to detect and prevent it's customer from sending malware & spam out of it's network. Not filter incoming stuff, that would be censoring. And requiring to submit publications to a third party for approval prior to sending them is *not* censorship? rgds, Sascha Luck
Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In message <201702131743.10508.pe...@hk.ipsec.se>, peter hwrites >The very simplest thing to do is make sure any outbound smtp is relaye through >the ISP's >mailrelays, where spam could be detected and subsequently blocked. this is very unpopular with legitimate businesses who wish to be fully in control of their email sending destiny -- and ISPs generally do not wish to discourage the people who cause no trouble and pay their bills regularly and on time so although "port 25 blocking" is a M3AAWG Best Practice it has not been widely adopted with the main (but not only) exception being the large consumer ISPs in the US (ISPs in Europe have, for historical reasons, had a significant number of business customers mixed in with pure consumers and that has made the difference) - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 iQA/AwUBWKHoZDu8z1Kouez7EQKegACg5dQkRoa/iAJYEI4QDXu6AkDaL40AnRAO Ok9QS77z8Acf265vH5lDQf9W =eO/I -END PGP SIGNATURE-
Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight
I wish it were that clear cut. You also have a role to protect your customers against threats, and to ensure that their mailbox is at least usable rather than deluged with spam. Being proactive about postmaster complaints and being sensitive to false positives in filtering is a useful middle path and a widely defined best practice. Never mind that quite a few large players don’t follow it. --srs On 13/02/17, 8:43 AM, "anti-abuse-wg on behalf of peter h"wrote: As my wife urged me to clarify things :-) The role for an ISP in fighting abuse is to detect and prevent it's customer from sending malware & spam out of it's network. Not filter incoming stuff, that would be censoring.
[anti-abuse-wg] The well-behaved ISP's role in spamfight
As my wife urged me to clarify things :-) The role for an ISP in fighting abuse is to detect and prevent it's customer from sending malware & spam out of it's network. Not filter incoming stuff, that would be censoring. A number of means is available for an ISP, most provided that a customer has signed implicity or in some form a AUP where rules for use of it's services are stated. The very simplest thing to do is make sure any outbound smtp is relaye through the ISP's mailrelays, where spam could be detected and subsequently blocked. A large number of other measures exists, it's only a matter of priority. Relying on operating systems ( read MS) to solve spam is hopeless, just think of MS track record. And open source won't help either. Junking SMTP would mean that we loose a independent vendor-independent autonomous decentralized way of exchanging messages. It vwon't stop the bad guys, they can always find ways around it, but it will stop you and me from freedom to express ourself and exchange thoughts. Thanks for the opportunity to express my thoughts. -- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )