On Wed, 11 Feb 2004, Daniel Senie wrote:
Why, to restrain trade? To forbid people from using AUTHENTICATED services of their mail provider of choice? Why shouldn't users be able to hire an Email service provider who might have a LOT more clue about how to run email services than the broadband vendor they happen to buy a circuit through?
Why should ISPs block port 25, 135, 445, or any of the other hundreds of ports people regularly say ISPs should block? I think some broadband vendors would be happy to provide the pipe, and not block any ports. Unfortunately a lot of very vocal people regular assert it is the *ISP's* responsibility and duty to monitor and control what its subscribers do on the network. If you are going to hold the ISP accountable, then expect the ISP to want to exert some control.
Are the complaints going back to the ISP? Or are they going to the email services provider who authenticated the user? (read the headers on emails and you'll see there is a notation regarding the authentication).
As anyone who has ever worked an abuse desk can tell you, the complaints go back to *EVERYONE* possibly related to (and sometimes not related to) any aspect of whatever the complaintant doesn't like.
People spent the time and effort to build a solution to the issue of port 25 being largely open and unauthenticated. That solution is the SUBMISSION protocol. Many companies heavily use this mechanism to offer premium services to end users.
And I applaud your effort. But does it really answer the question of who is responsible for handling abuse of the service? If ISP's are not responsible for abuse using port 573, they probably don't care. If the activists are going to continue to attack ISPs anyway, then expect the ISP to want to respond by implementing controls regardless of what port is used. The AOL model of subscriber control is very tempting. What reasons does an ISP have for not controlling what their subscribers can do.