mobile user strawman argument

  • From: Mike Leber
  • Date: Wed Jun 29 05:52:28 2005

Directed at no specific person because I've seen several people use it in
their examples recently...

I'm seeing a lot of arguments in the form of "I have mobile users and they
aren't going to be able to send email if you use injection IP mail
filtering approach X"  (where X is SPF, MX+, or what have you); which take
the same form as the arguments people made against closing open relays.

For those that don't remember, prior to around 1995 or so most all mail
servers would relay mail for anybody by default.  People that got tired of
being abused made it so only their customers could use their mail servers
to relay mail by methods such as: POP AUTH, only relaying mail for their
customer IPs, only accepting mail to be relayed from domains that were
hosted on that server, etc.

At that time some people swore up and down it was unworkable because all
of their mobile users wouldn't be able to send mail using their mail
servers because the remote users use random dynamic IPs from all over the

After a large amount of gnashing of teeth and whining, and the spread of
knowhow of the several different methods to close an open server yet still
allow your users to send mail, these objections were overcome and the open
relays were closed.

Ok... fast forward to the present in which we can now assert that service
providers don't use open relays to provide service to their customers.

So now I'm supposed to believe that it's impossible for service providers
to coordinate which mail server a user is supposed to use to send their
mail through (with the information about authorized sending IPs for a
domain communicated to recipient SMTP servers according to the method of
your choice) when they already force their users to use only SMTP servers
that they have authorized access to relay through.

Ya, ya, ya... you are going to say 1) it's impossible to get people to use
designated servers for outgoing email.  Or you will say 2) even if you do
this there will still be *spam*! (egads shock horror!)  Ugh please.

1) Getting customers to use designated servers is already done and
standard operating procedure.

2) Most people would agree that closing the open relays as they were was
worthwhile and a sound security decision.  The fact that spam still exists
doesn't make the decision wrong, it just means that you should not be so
naive or disingenuous as to expect various limited practical precautions
to solve all the world's spam problems.

So much deja vu I feel like I'm on a merry-go-round.


