North American Network Operators Group

SMTP relaying policies for Commercial ISP customers...?

  • From: Dan Ellis
  • Date: Fri Feb 13 09:04:28 2004

My apologies for another annoying SMTP thread.


So, while considering enabling SMTPAUTH for all our customers, I’m planning on placing firm policy on relaying.  We’re a regional broadband ISP/MSO that also serves a significant number of educational and commercial cable/DSL connections as well as a large number of T1/T3/OC3/Ethernet customers.


That leaves me needing to define how we will handle 3 situations:

1) Residential (a few dynamic IP computers)

2) Broadband Commercial (Static IP and a few forwarded IPs, a dozen end user PCs)

3) Dedicated commercial customers (T1/DS3/Ethernet/OC3)



HISTORY: Old school thought was that as long as you are on an ISP’s IP space, you can use them to relay. This made it easy for roamers as everyone would use the ISP’s mailserver for outbound, and their mailserver for inbound. Yes – there was always a fuzzy line for T1/DS3/OC3 customers because some ISPs allowed their space to relay and some did not. I’m trying to determine what the “new school” thoughts are.


Below are my thoughts and concerns on each. I’m interested in hearing what others have implemented regarding policy, what the large NSPs have implemented, and what your thoughts are.


1) Residential Policy: Enable SMTPAUTH and disallow relaying unless the customer has a valid username/password. If you’re not paying for a mailbox, you don’t get to relay outbound. This should not break anything except those residential accounts that *should* be commercial anyway.

2) Broadband commercial: This is the difficult one. These are the customers that aren’t big enough to rightfully run their own mailserver, but they are big enough to have roaming users on their networks (coffee shops, branch offices, hotels, SOHO…). They expect relaying service for either their mailserver or for all their various PCs. At the same time, they don’t have many, if any, mailboxes through the ISP. My thought is that they should ONLY be allowed to relay via SMTPAUTH by using a residential mailbox login/pass OR they need to purchase a commercial relay service (expensive because of the openness of it) for their IP space.

3) T1+: These customers should not be allowed to relay unless they purchase (expensive) relay services for their IP space. Of course, they can always use a residential mailbox, but will have to use SMTPAUTH for it and will be restrained by the same policies residential mailboxes have (low tolerance tarpitting, …).



As always, thanks in advance.





Daniel Ellis, CTO, PenTeleData