North American Network Operators Group


Re: ingress SMTP

  • From: Robert E. Seastrom
  • Date: Wed Sep 10 07:38:56 2008

Mark Foster <[email protected]> writes:

> On Fri, 5 Sep 2008, Mikael Abrahamsson wrote:
>>
>> We don't allow most of our residential customer base to speak SMTP
>> TCP/25 to anywhere at all (and we have millions of them). Wish more
>> ISPs would do the same.
>>
>
> Probably fair enough, if you as an ISP can get away with enforcing
> this sort of policy then so much the better.
>
> However relaying through your own ISP's 25/tcp should surely then make
> it relatively easy for noise to be tracked down and nailed at the
> source - by ISPs?  (Do [email protected] desks investigate spam these days?)

As others have noted, intercepting 25 breaks SPF.  It also
gratuitously creates weird anomalous behaviour that is much harder for
a reasonably clued person to debug than a simple blocked port, so it's
more likely to buy you a help desk call (with a subtle problem that
your level 1 folks probably can't get sorted anyway).  Perhaps you
aren't in a position where you have to care about the balance sheets,
but keeping the load off the help desk is a wonderful thing to do in
terms of cost control.  Doing traffic analysis looking for noise is
just extra work for your abuse people - when I was setting policy for
this sort of thing we put a cap at 1000 discrete destinations per day
per authenticated user (with a daily report of who'd busted it, and
most days the report was 0) and only once ran into a problem where
someone was legitimately trying to send mail to a bajillion people and
called the help desk.

-r