On Thu, 28 Aug 2003 10:10 (UTC) "Stephen J. Wilcox" <steve@telecomplete.co.uk> wrote:

| Whoa.. that's crazy. Obviously it's an effort to stop relay forwarding
| from cable modem and DSL customers but there are *lots* of legitimate
| smtp servers sitting on customer sites on dynamic addresses.

And at one time it was considered "helpful" for mail servers to relay anything that was presented to them. We don't think that way now, as a DIRECT result of the way in which that arrangement has been abused.

So with "legitimate smtp servers" sitting on customer sites on dynamic addresses: the flexibility and convenience of such arrangements became subsidiary to the abuse and security issues they facilitated.

Now if the abuse and security teams of the large providers would move *quickly* to isolate compromised machines and deal with other security related issues when they arise, the "flexibility and convenience" would probably win out in the end. But as things stand it isn't going to.

We can thank the usual suspects - Cogent, Qwest, AT&T, Comcast - and in Europe: BT, NTL and possibly the world-abuse-leader, Deutsche Telekom (who run dtag.de and t-dialin.net) for this being the situation. They may think it's better for their bottom line to de-resource their security and abuse departments, and better for their customers to let them stay online while issues are resolved, but they remain oblivious to the harm this policy is doing to the internet community as a whole.

| I've numerous customers I can think of straight away who use setups
| such as MS Exchange on dynamic addresses where they poll POP3 boxes
| and send their own SMTP!

The fact that it is impossible to readily distinguish between their IPs and those of compromised boxes running Jeem etc, will mean that those sites are already likely to be experiencing significant mail rejection - and that will get worse, not better.

Unless there is a turn-around soon in the attitude of backbones and other providers, I can see a "registered SMTP senders only" policy being put in place by the majority of sites by the end of 2004. Or possibly sooner.

AOL's mail handling policy may be disappointing - but those of us who have been hit by their other disappointing mail policy (of accepting all undeliverable mail and then bouncing it to the (forged) sender), may see this as actually improving the situation because it visibly reduces the quantity of forged bounces *we* see originating from AOL!

--
Richard Cox

%% HELO - the first word of every Email transaction - is in Welsh! %%