North American Network Operators Group

Re: Lazy network operators

  • From: JC Dill
  • Date: Wed Apr 14 15:41:55 2004

At 10:47 AM 4/14/2004, Iljitsch van Beijnum wrote:

On 14-apr-04, at 17:45, JC Dill wrote:

I understand your frustration, but the approach of blocking port 25 isn't the right one. It may be convenient for you, but ...

Dood, this *exact* argument was made ~10 years ago against closing open relays. So, do you think that everyone should just open their servers to relaying for anyone, since closing all the open relays has proven to be inconvenient for some, and not a 100% effective solution?

Hm... "If you go faster than 30 km/h in a train the air will be sucked out and everyone inside will suffocate" vs "if you fly through the stratosphere in an airplane without a closed cabin the air will be sucked out and everyone inside will suffocate". So just because the former turned out incorrect the latter is as well?

That's a bad analogy, therefore your comparison is worthless. Closing port 25 is *very* similar to closing your server to relaying. It is a way to ensure that only authorized users send email from your network.

However, filtering TCP port 25 is bad not just because it is massively inconvenient for many people (ever work in support?)

Simply put, I do not agree with your assertion here.

Most people are not inconvenienced by this change. In reality, very *few* people are inconvenienced. And those people have alternate solutions. I have helped many people configure one of these solutions when they have encountered port 25 blocking. Recently, I helped a friend who was suddenly "no longer able to send work email from her laptop at home" because their home DSL connection thru her husband's employer had implemented port 25 filtering. The solution was to create a profile on her laptop that used the DSL provider's server, and for her to select that profile when sending email from home. An even simpler solution would have been to use port 587, if her own work server had offered this option (unfortunately, it doesn't).

Many ISPs have successfully implemented port 25 filtering. The support costs associated with implementing this change are small in the long run, especially when compared to the reduced abuse support costs you will realize when you are no longer empowering your users to abuse port 25 on other servers.

This is the same story as when you closed your open relays, and briefly had increased support costs, which were offset by the reduced abuse support costs since you no longer were subject to being used as a relay or getting complaints about the spam your servers were spewing.

It's been ten years now:

<http://slashdot.org/articles/04/03/05/160229.shtml>

We need to stop whining that it's "hard" or "expensive" to do the right thing and close loopholes that are abused by spammers. It's much harder and more expensive long term to NOT do the right thing.

jc



--

p.s. Please do not cc me on replies to the list. Please reply to the list only, or to me only (as you prefer) but not to both.