Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-03-01 Thread Michael . Dillon

 Because that would require providers to act like professionals,
 join an Internet Mail Services Association, agree on policies
 for mail exchange, and require mail peering agreements in
 order to enable port 25 access to anyone.
 
 Nice in theory, but I don't think it would scale.  In essence you are 
 asking for a return to the UUCP model, where if you wanted to send 
 mail on the network you had to have a deal with someone.

No, I am not suggesting a return to the UUCP model. If I
was then I would have said that. I am suggesting that
we apply the lessons learned from the BGP peering model.
The BGP peering model evolved over many years of people
hashing out and modifying many bilateral peering agreements.
I don't think we need to do this with email, because we
the larger email providers can all sit down together
and, based on the BGP experience, they can come up with 
a standard multilateral agreement that will suit most
people. Or, more likely, two multilateral agreements.
One for members of the email peering core, and the other
for non-core operators.

The reason this needs to be done in an association,
in public, is because email is not BGP. BGP is an arcane
piece of technology which does an arcane job in
interconnecting networks. There is no significant
public interest in BGP. Email, on the other hand, is
an end user service and it is abundantly clear that 
the end users of the world are FED UP with the inability
of Internet email providers to maintain and improve
the quality of the service. Every year for the past 10
years the quality of Internet email has degraded.
And while other services like instant messaging can
take up some of the slack, they cannot fully replace
a store and forward email system.

  But, every time someone tries a 
 blanket block of (for instance) China, or even appears to do so, 
 there's a huge outcry.  If you create an organization to do that, 
 you'll not only have an outcry, you'll have a target for legal action 
 (restraint of trade?).

There you go again, just like everyone else. You assume
that the problem is somebody else and we just need to
shoot that somebody else with big guns. Well, I have
news for you. I HAVE SEEN THE ENEMY AND HE IS US!

The problem is a fundamental shoddiness in the 
email services architecture which is compounded by
a fundamental shoddiness in email service operations.
Bandaid solutions abound. The whole thing is made
out of bits of string and sealing wax.

I recommend that you read Dave Crocker's draft
on Internet email architecture.
http://www.bbiw.net/specifications/draft-crocker-email-arch-03.html
In order to understand what I am getting at
you have to begin looking at the problem from
a high level, not down in the greasy gearboxes.
Dave's draft can be a bit inscrutable, but he
is at least trying to document the overall
architecture so that we can talk clearly about
how to manage it in a way that provides a 
high quality email service to the end user.

--Michael Dillon



Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-03-01 Thread Valdis . Kletnieks
 No, I am not suggesting a return to the UUCP model. If I
 was then I would have said that. I am suggesting that
 we apply the lessons learned from the BGP peering model.

I'm skeptical that a model that only sort of works for under 30K ASNs
and maybe 1K bilateral peering agreements for the *really* big Tier-1s
won't scale to a world that has 40M+ .com domains and probably a million
SMTP servers.





Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-03-01 Thread Michael . Dillon

  No, I am not suggesting a return to the UUCP model. If I
  was then I would have said that. I am suggesting that
  we apply the lessons learned from the BGP peering model.
 
 I'm skeptical that a model that only sort of works for under 30K ASNs
 and maybe 1K bilateral peering agreements for the *really* big Tier-1s
 won't scale to a world that has 40M+ .com domains and probably a million
 SMTP servers.

Well the way that I see this scaling is that you have
a core of email service providers who are members of
the Internet Mail Services Association. These core
operators sign up to a multilateral mail peering agreement
and provide email transit services for other operators.

The next layer is the non-core email service providers
who have bilateral mail peering agreements with one
or more core email transport providers. They essentially
relay their email through a core provider, or possibly,
they use some credential provided by their peer in the 
core to connect directly to other core members. The key
thing here is that there is some kind of contractual
agreement between the second tier and the core members.
If the second tier breaks the agreement, their email
flow is summarily cut off. You can do that with contracts.
The mechanism for email transport and authentication is
something that other people can work out. I know that
relaying will work, but may not scale. However there are
ways around this by separating the credentials/authentication
from the mail flow. For instance, the 2nd tier provider
connects to his peer in the core (CORE A) and asks for
a credential to send mail to another core member (CORE B).
CORE A hands him a magic cookie. He connects to CORE B and
hands over the cookie. CORE B validates that this is a 
legitimate credential from CORE A. Email flows.

And then there is the last layer which I call the end
user. Of course this includes many organizations as
well as individuals. It could even include someone
who hosts mailing lists, i.e. someone who sources
large volumes of mail. These people never talk to
the core providers and submit all their email to
a 2nd tier provider through the authenticated submission
port. This group is the most important group because
the entire system exists to serve their needs.

Note that a large provider like AOL would be both
a core email services provider and a 2nd tier
provider at the same time. The 2nd tier deals with
end users. In fact, AOL will also be an end user
as will every other company. It is more useful to
think of the functionality here rather than trying
to map specific companies into a specific layer.

I think that most people will agree that the
architecture that I have described stands a good
chance of scaling to a global level. And if there
are some scaling issues that arise, they should
be able to be solved within the core, i.e. the
group with multilateral email peering agreements.
They may decide to put some hierarchy within the 
core to match up with geography on a broad scale.

--Michael Dillon
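
The "magic cookie" exchange sketched in the message above, as an added example that is not part of the original thread or any poster's design. It assumes CORE A and CORE B share a pairwise HMAC key under the core agreement and that CORE B learns the connecting peer's identity by other means; all host names, keys, field names and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed pairwise secret; assumed to be agreed under the core peering agreement.
PAIR_KEYS = {("core-a.example", "core-b.example"): b"constructed-demo-key-A-B"}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


class CoreA:
    """Issuer: holds the bilateral agreements with second-tier providers."""

    def __init__(self, name, peers):
        self.name = name
        self.peers = set(peers)  # second-tier providers in good standing

    def issue_cookie(self, peer, audience, now, nonce, ttl=300):
        if peer not in self.peers:
            raise PermissionError(f"{peer}: no agreement in force")
        claims = {"iss": self.name, "aud": audience, "sub": peer,
                  "exp": now + ttl, "jti": nonce}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(PAIR_KEYS[(self.name, audience)], body, hashlib.sha256)
        return _b64(body) + "." + _b64(tag.digest())


class CoreB:
    """Receiver: checks the cookie before accepting mail from `peer`."""

    def __init__(self, name):
        self.name = name
        self.redeemed = set()  # nonces already used (replay defence)

    def validate(self, cookie, peer, now):
        try:
            body_s, tag_s = cookie.split(".")
            body = base64.urlsafe_b64decode(body_s)
            tag = base64.urlsafe_b64decode(tag_s)
            claims = json.loads(body)
            # "iss" is read before verification only to select the key.
            key = PAIR_KEYS[(claims["iss"], self.name)]
        except (ValueError, KeyError, TypeError):
            return "reject: malformed cookie or unknown issuer"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad signature"
        if claims.get("aud") != self.name or claims.get("sub") != peer:
            return "reject: cookie not issued for this connection"
        if now >= claims.get("exp", 0):
            return "reject: expired"
        if claims.get("jti") in self.redeemed:
            return "reject: replayed"
        self.redeemed.add(claims.get("jti"))
        return "accept"


def demo():
    core_a = CoreA("core-a.example", {"tier2.example"})
    core_b = CoreB("core-b.example")
    t0 = 1_109_635_200  # constructed clock value, in seconds
    cookie = core_a.issue_cookie("tier2.example", core_b.name, t0, "n-0001")
    results = [core_b.validate(cookie, "tier2.example", t0 + 10)]
    results.append(core_b.validate(cookie, "tier2.example", t0 + 20))  # reuse
    results.append(core_b.validate(cookie, "other.example", t0 + 20))  # wrong peer
    forged = _b64(b'{"iss":"core-a.example"}') + "." + _b64(b"x" * 32)
    results.append(core_b.validate(forged, "tier2.example", t0))
    late = core_a.issue_cookie("tier2.example", core_b.name, t0, "n-0002")
    results.append(core_b.validate(late, "tier2.example", t0 + 301))
    core_a.peers.discard("tier2.example")  # agreement broken: no new cookies
    try:
        core_a.issue_cookie("tier2.example", core_b.name, t0 + 400, "n-0003")
    except PermissionError:
        results.append("issuer refused")
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With a short lifetime on each cookie, cutting off a second-tier provider only requires CORE A to stop issuing; cookies already handed out lapse within the TTL.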



Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-03-01 Thread Todd Vierling

On Tue, 1 Mar 2005 [EMAIL PROTECTED] wrote:

  I'm skeptical that a model that only sort of works for under 30K ASNs
  and maybe 1K bilateral peering agreements for the *really* big Tier-1s
  won't scale to a world that has 40M+ .com domains and probably a million
  SMTP servers.

 Well the way that I see this scaling is that you have a core of email
 service providers who are members of the Internet Mail Services
 Association.

The business world simply doesn't work that way.  Ever heard of the phrase
"Standards are great -- there's so many of them to choose from!"?

 These core operators sign up to a multilateral mail peering agreement and
 provide email transit services for other operators.

 The next layer is the non-core email service providers who have bilateral
 mail peering agreements with one or more core email transport providers.

Contrary to what you said before, this *IS* the UUCP model in a nutshell.
It has been done before, it does not scale, and it does not fit the way
business works today.

-- 
-- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED]


Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-28 Thread Michael . Dillon

  Unfortunately, providers seem to prefer unilateral heavy-handed
  behavior rather than acting professional. They prefer working out
  solutions in isolation or in small closed cabals working in secret in
  backrooms rather than working open to public scrutiny in an
  association. They prefer to operate in an environment in which there
  are no agreed policies for Internet email exchange rather than having a
  viable Internet email system in which everyone works together to add
  value to the users. They prefer to play secret games with blacklists,
  bayesian filters, hodge-podges tacked onto the Internet's DNS systems,
  and other antisocial behaviors rather than openly saying that people
  must meet certain standards in order to *SEND* email.

 Why do you believe more red tape will mean better service?

You misunderstand me. I believe *LESS* red tape will mean
better service. Today, an email operator has to deal with
numerous blacklisting and spam-hunting groups, many of which
act in secret and none of which have any accountability, either
to email operators, email users or the public.

I'd like to see all of this inscrutable red tape swept aside
with a single open and public organization that I have been
calling the Internet Mail Services Association. This will mean
less red tape, more transparency, and more accountability.

--Michael Dillon



Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-28 Thread Valdis . Kletnieks
On Mon, 28 Feb 2005 10:35:53 GMT, [EMAIL PROTECTED] said:

 You misunderstand me. I believe *LESS* red tape will mean
 better service. Today, an email operator has to deal with
 numerous blacklisting and spam-hunting groups, many of which
 act in secret and none of which have any accountability, either
 to email operators, email users or the public.

Actually, most of those blacklisting groups have the *ultimate* accountability
to e-mail operators - if the operators disagree with the way the group does
things, they stop using the blacklist.

I'm making the rash assumption that operators are klooed enough to either not
use a blacklist they don't agree with, or know how to whitelist their disagreements.
If the operator isn't, well.. consider it time for evolution in action.

 I'd like to see all of this inscrutable red tape swept aside
 with a single open and public organization that I have been

And you intend to get enough consensus of goal amongst all these divergent
groups with their differing goals and criteria, how, exactly? Remember that
we as an industry (at least as represented on NANOG) can't even come to an
agreement about port 587 or filtering 1918-sourced addresses. ;)





Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-28 Thread Rich Kulawiec

[ This discussion should be moved to Spam-L. ]

On Mon, Feb 28, 2005 at 10:35:53AM +, [EMAIL PROTECTED] wrote:
 You misunderstand me. I believe *LESS* red tape will mean
 better service. Today, an email operator has to deal with
 numerous blacklisting and spam-hunting groups, many of which
 act in secret and none of which have any accountability, either
 to email operators, email users or the public.

Nonsense.  Those groups are accountable to those who choose to avail
themselves of their work.  Mail system operators -- as they have already
demonstrated by their actions -- will not use those resources which are
run incompetently or which do not provide satisfactory results.  And the
wide range of resources available (there are probably about 500 DNSBLs
at the moment) and the variety of policies by which they're run provides
healthy competition as well as a selection of tools sufficient to allow
just about any local policy to be implemented.

There is no need for these operators of these resources (say, SPEWS)
to be accountable to anyone else.  Why should they be?  They merely
publish a list.  If you don't like their list or the policies they
use to build it: don't use it.  But know that everyone else will make
their choices according to their own needs, not yours.

 I'd like to see all of this inscrutable red tape swept aside
 with a single open and public organization that I have been
 calling the Internet Mail Services Association. This will mean
 less red tape, more transparency, and more accountability.

It will also mean that anyone with deep enough pockets to buy their
way in will get a pass to spam as much as they want.  Sorry, but
this experiment has already been run (see bonded spammer) and
has been a miserable failure.

Besides, there is no inscrutable red tape.  Dealing with DNSBLs
is quite easy.  Of course, you may not get the results *you* wish to
have, but if you're running or occupying a spammer-infested network,
then the results *you* wish to have are unimportant.

---Rsk


Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-28 Thread Kee Hinckley
At 4:51 PM + 2/25/05, [EMAIL PROTECTED] wrote:
   I'll agree with you on one thing, though -- the whole
 business of port 587 is a bit silly overall...why can't the same
 authentication schemes being bandied about for 587 be applied to 25,
 thus negating the need for another port just for mail injection?

 Because that would require providers to act like professionals,
 join an Internet Mail Services Association, agree on policies
 for mail exchange, and require mail peering agreements in
 order to enable port 25 access to anyone.

Nice in theory, but I don't think it would scale.  In essence you are 
asking for a return to the UUCP model, where if you wanted to send 
mail on the network you had to have a deal with someone.  The problem 
isn't agreements, the problem is that there are borders at which 
people will not be willing to block, even if there is bad behavior. 
After all, there's nothing stopping ISPs from blocking port 25 
passing through their networks now.  But, every time someone tries a 
blanket block of (for instance) China, or even appears to do so, 
there's a huge outcry.  If you create an organization to do that, 
you'll not only have an outcry, you'll have a target for legal action 
(restraint of trade?).   That kind of thing needs government level 
action.  It's highly unlikely to happen, and it's far from clear that 
we would want it to.
--
Kee Hinckley
http://www.messagegate.com/  Enterprise Messaging Security and Compliance
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.


Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-26 Thread Steven J. Sobol

On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote:

 
   I'll agree with you on one thing, though -- the whole
  business of port 587 is a bit silly overall...why can't the same
  authentication schemes being bandied about for 587 be applied to 25,
  thus negating the need for another port just for mail injection?
 
 Because that would require providers to act like professionals

I don't see what the big deal is. mx.justthe.net, for instance, requires 
SMTP AUTH on port 587 for everyone and requires SMTP AUTH on port 25 for 
anyone attempting to relay mail outside my network.

The biggest cost I can see, and it *is* a significant cost, is walking 
users through the process of configuring their MUAs to do the 
authentication. Configuring the servers, however, shouldn't be a huge 
problem, and you can mitigate the cost issue by only setting up 587 for 
people who need to have it set up.

-- 
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED

In case anyone was wondering, that big glowing globe above the Victor 
Valley is the sun. -Victorville _Daily Press_ on the unusually large 
amount of rain the Southland has gotten this winter (January 12th, 2005)



Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-25 Thread Suresh Ramasubramanian

On Fri, 25 Feb 2005 16:51:31 +, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 
   I'll agree with you on one thing, though -- the whole
  business of port 587 is a bit silly overall...why can't the same
  authentication schemes being bandied about for 587 be applied to 25,
  thus negating the need for another port just for mail injection?
 
 Because that would require providers to act like professionals,
 join an Internet Mail Services Association, agree on policies
 for mail exchange, and require mail peering agreements in
 order to enable port 25 access to anyone.

You might want to check out http://www.maawg.org - at least stateside,
that's about the only operational mail admin / antispam conference I
know of that's attended by ISP mail system and abuse desk admins
rather than assorted vendors.

They've got a mtg march 1-3 in San Diego (I'll be there btw)

srs
 
 Unfortunately, providers seem to prefer unilateral
 heavy-handed behavior rather than acting professional.
 They prefer working out solutions in isolation or in
 small closed cabals working in secret in backrooms rather
 than working open to public scrutiny in an association.
 They prefer to operate in an environment in which
 there are no agreed policies for Internet email
 exchange rather than having a viable Internet email
 system in which everyone works together to add value
 to the users. They prefer to play secret games with
 blacklists, bayesian filters, hodge-podges tacked onto
 the Internet's DNS systems, and other antisocial behaviors
 rather than openly saying that people must meet certain
 standards in order to *SEND* email.
 
 The Internet email architecture is based on something
 called *SIMPLE* mail transport protocol which its creator
 never intended to last for so long. It is a flat architecture
 and in common with other flat architectures it does not
 scale. If flat architectures did scale on the Internet,
 then everyone with a dialup would be running BGP and
 announcing their /32 IPv4 route.
 
 There is no good reason why the large email providers,
 most of whom are network operators, do not form an open
 Internet Mail Services Association to hammer out the
 details of a new email services architecture so that
 everyone can sing from the same hymnbook and so that
 email just works, seamlessly, everywhere. I strongly
 suspect that a new architecture will have fewer weak
 points that can be exploited by spammers but spam is
 really a secondary problem. The real problem is that
 the IETF protocol development process is not the right
 place for email service operators to work out operational
 frameworks and policies.
 
 This is an area where the United Nations and the ITU
 can bring about *REAL* improvements to the Internet and
 I hope that the existence of the WSIS will lead to this.
 No, I do *NOT* support the ITU taking on a governance role
 over the Internet. What I do support is for the companies
 in this industry to wake up and smell the coffee. Nature
 abhors a vacuum. Currently we have collectively created
 a vacuum which the UN and ITU *WILL* fill if we don't fill
 it first.
 
 --Michael Dillon
 
 


-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-25 Thread Michael . Dillon

 You might want to check out http://www.maawg.org - at least stateside,

I'm uncomfortable with two aspects of this group.
First is its anti-abuse stance. I would prefer to
see a group that was focussed on services, i.e.
providing the best email service possible to end-users.
The second thing is the secrecy surrounding this 
group. It seems that they see themselves as some
sort of private police force and I believe that 
is 180 degrees in the opposite direction from where
we should be going. If there is too much crime in
the streets, should we have citizen militias
out there carrying guns? This seems to be the 
approach that MAAWG is taking.

Quite frankly, there is too much emotion involved
in the email issue. Too many people who irrationally
hate spam and are willing to take extreme 
measures as a result. I do not believe that there
is a spam problem at all. We merely have a creaky
old email architecture built tacked together out
of sticks and glue. From a distance, it looks
impressive, but it suffers from many weaknesses
which vandals, and now criminals, can exploit.
I know that if we fix the internet email services
architecture, then the bad guys will just miraculously
disappear. It's like tearing down a drafty, leaky old 
building and putting up an airtight, insulated building
on the same site. 

I once knew a guy who built a massive greenhouse out
of 1 by 2 strips of scrap wood from a sawmill. It 
was sticker wood for those from the Northwest. You
could only get maybe 3 feet of useful length before
there was a knot or it was warped too badly. He nailed
these together to make 2 x 6 's and bigger beams. He
built walls, 4 feet high all around, 40 feet wide and
200 feet long. Then he pieced together arches to hold
the polyethylene sheeting. Inside he built raised beds
of wood and two stories of lattice shelving above them.
The beds were 3 feet wide arranged in aisles on either
side of a central aisle. He did all this with a saw,
thousands of nails, and these thin strips of wood.
It worked for a few months, and grew some great early
strawberries. He had it filled with tomato and melon
vines just beginning to bloom when it started to tilt.

Fact is, this structure had too many weaknesses. Insect
pests crawled in through the cracks. Warm air escaped
through the cracks. Moisture condensed in the cracks
causing mold and rot to begin, and the wood to swell
and warp in interesting ways. There were too many
weaknesses, too many points at which it could be 
attacked by the elements. So, only 5 months after he
began to build it in early March, I helped him set
fire to the dangerous structure on a rainy July morning.
It was the safest and cheapest way to dismantle the
building which, let's face it, had no scrap value.
The local fire department agreed that it was best
done before the summer heat parched the landscape.
And that was that.

The Internet's current email architecture isn't 
quite as bad as the greenhouse. There are many
bits that can be salvaged, but the salvage work
requires coordinated effort and I do not see any
organization in the world that is capable of
stepping up to such a challenge outside of the
ITU and the various national governments. Either
we create an organization dedicated to providing
a superior email service to end users, or we will
all be implementing ITU email standards to comply
with new legislation.

--Michael Dillon



Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?)

2005-02-25 Thread Niels Bakker

* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [Fri 25 Feb 2005, 18:13 CET]:
 Unfortunately, providers seem to prefer unilateral heavy-handed
 behavior rather than acting professional. They prefer working out
 solutions in isolation or in small closed cabals working in secret in
 backrooms rather than working open to public scrutiny in an
 association. They prefer to operate in an environment in which there
 are no agreed policies for Internet email exchange rather than having a
 viable Internet email system in which everyone works together to add
 value to the users. They prefer to play secret games with blacklists,
 bayesian filters, hodge-podges tacked onto the Internet's DNS systems,
 and other antisocial behaviors rather than openly saying that people
 must meet certain standards in order to *SEND* email.

You keep riding this particular horse.

Right now, to connect to the Internet you need to comply with quite some
regulations already - have a computer and a modem and a contract with a
dialup ISP, or even get DSL or cable installed.  More options are
available if you have more money, companies can pay for redundant T3's
etc.

Obviously this has not kept the `bad guys' out.  Why do you think that
enforcing contractual relationships for e-mail as well as basic IP
service will make any difference?

Why do you believe more red tape will mean better service?


-- Niels.

-- 
  The idle mind is the devil's playground


The Terrible Secret of MAAWG (was Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?))

2005-02-25 Thread J.D. Falk

On 02/25/05, [EMAIL PROTECTED] wrote: 

  You might want to check out http://www.maawg.org - at least stateside,
 
 I'm uncomfortable with two aspects of this group.
 First is its anti-abuse stance. I would prefer to
 see a group that was focussed on services, i.e.
 providing the best email service possible to end-users.

Services are the competitive differentiator between the various
companies which do e-mail, so that's not likely to happen.

 The second thing is the secrecy surrounding this 
 group. 

You (or anyone else) can attend the meeting in San Diego.  The
price online for non-members was $100, but online registration
is closed and I don't know what it'll cost on-site.  Here's the
agenda, complete with topics and names of presenters and who
they each work for:

http://www.maawg.org/news/news/0503_GeneralMeeting

The secret has been revealed!  Viva la revolucion!

-- 
J.D. Falk           uncertainty is only a virtue
[EMAIL PROTECTED]   when you don't know the answer yet


Re: The Terrible Secret of MAAWG (was Re: Internet Email Services Association ( wasRE: Why do so few mail providers support Port 587?))

2005-02-25 Thread Suresh Ramasubramanian

And what's an even stranger secret is that MAAWG members get to pay
double the registration fee of non maawg members :)  Now that's
openness for you ...

Come on in .. it is the nearest thing to nanog that I've seen for mail
ops people in the NA region (+ quite a lot of the world).

--srs (I like apcauce better, but well I organize it so I got to be
proud of it) :)

On Fri, 25 Feb 2005 16:47:31 -0800, J.D. Falk [EMAIL PROTECTED] wrote:
  The second thing is the secrecy surrounding this
  group.
 
 You (or anyone else) can attend the meeting in San Diego.  The
 price online for non-members was $100, but online registration
 is closed and I don't know what it'll cost on-site.  Here's the
 agenda, complete with topics and names of presenters and who
 they each work for:
 
 http://www.maawg.org/news/news/0503_GeneralMeeting
 
 The secret has been revealed!  Viva la revolucion!


-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])