North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Despamming wholesale dialup

  • From: Phil Howard
  • Date: Fri Oct 30 14:16:45 1998 
Bryan Bradsby wrote:

> Block port 25 (only) from all "open modem banks" (TM) to my SMTP servers. 
> If implemented on a large enough scale, the modem user will be
> 'encouraged' to use the SMTP server supplied with their account. Make each
> dialup customer go through, and be authenticated by their own SMTP server. 

I think I see an additional problem creeping in here.

The question is whether a dialup user should use the SMTP server of the
facility provider, or of the ISP that actually resells the account.  You
could have virtual ISP resellers with no facilities at all, but lets take
a look at a small ISP that does have facilities, and is reselling dialup
to a national provider so his local business customers can have roaming
access without calling an 800 number.

If the small ISP opens their SMTP server to the IP addresses of the big
national dialup provider, which they would have to do in order to be able
to handle that roaming customer who could be just about anywhere, will
they not also be opening themselves up to being a relay for any spammer
that uses any reseller of that national provider?  Will not such spammers
then have access to every ISP doing reselling via that national one?

I think the SMTP server that should be used when dialing that national
provider is the SMTP server provided by that national provider, unless
some kind of VPN is used (to be more technically correct, use the SMTP
server of the provider of IP addressing).

Roeland's issue still applies when the dialup customer is using his domain
name as the FROM/REPLY.  But if the national provider SMTP servers accept
any domain name in the FROM/REPLY, and just log the reality as it sees it
in the header (e.g. dialup port and time which can be cross checked with
the access logs), then anyone can use these dialups, and spammers won't
get an advantage of being able to spew their filth to other than the SMTP
server of the dialup provider.

-- 
 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at intur.net        |  --
    -- *-----------------------------*      philh at intur.net       * --