North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMTP authentication for broadband providers

  • From: Sean Donelan
  • Date: Wed Feb 11 16:35:35 2004

On Wed, 11 Feb 2004, Daniel Senie wrote:
> Why, to restrain trade? To forbid people from using AUTHENTICATED services
> of their mail provider of choice? Why shouldn't users be able to hire an
> Email service provider who might have a LOT more clue about how to run
> email services than the broadband vendor they happen to buy a circuit through?

Why should ISPs block port 25, 135, 445, or any of the other hundreds of
ports people regularly say ISPs should block?

I think some broadband vendors would be happy to provide the pipe, and not
block any ports.  Unfortunately a lot of very vocal people regular assert
it is the *ISP's* responsibility and duty to monitor and control what its
subscribers do on the network.

If you are going to hold the ISP accountable, then expect the ISP to want
to exert some control.

> Are the complaints going back to the ISP? Or are they going to the email
> services provider who authenticated the user? (read the headers on emails
> and you'll see there is a notation regarding the authentication).

As anyone who has ever worked an abuse desk can tell you, the complaints
go back to *EVERYONE* possibly related to (and sometimes not related to)
any aspect of whatever the complaintant doesn't like.

> People spent the time and effort to build a solution to the issue of port
> 25 being largely open and unauthenticated. That solution is the SUBMISSION
> protocol. Many companies heavily use this mechanism to offer premium
> services to end users.

And I applaud your effort.  But does it really answer the question of who
is responsible for handling abuse of the service?  If ISP's are not
responsible for abuse using port 573, they probably don't care.  If the
activists are going to continue to attack ISPs anyway, then expect the
ISP to want to respond by implementing controls regardless of what port
is used.

The AOL model of subscriber control is very tempting.  What reasons
does an ISP have for not controlling what their subscribers can do.