On Thu, 30 Oct 1997, Greg A. Woods wrote:
> > We are an ISP and we don't block our dialups from going to port 25 elsewhere because this would eliminate their ability to rightfully use another mail server.

> That's all fine and dandy just so long as you trust your customers and you are certain they will adhere to your AUP.
>
> However if you offer cheap dial-up accounts that can be opened either immediately, perhaps with a credit card number, then you've got no real way to establish *any* level of trust with your new customers and indeed the only way you can enforce your AUP is by technical means. I.e. if your AUP says no spamming then you *must* implement controls that prevent new customers from spamming. Period. Otherwise Joe Spammer just buys a one-time (throw-away) account from you and violates your AUP under false pretenses. I've even heard first-hand rumours that many spammers offer fraudulent credit card numbers and personal identification so you can't even try to bill them extra for breaking their contract.

There are costs of allowing spam and costs of stopping spam. If the costs of stopping it exceed the cost of allowing it, then obviously it is in our best interest to allow it. For example, there is a 100% certain way of stopping spam -- unplug the wire. However, the fact that we are all here attests to the fact we deem this too high a cost for the benefit gained. In our case, there are legitimate uses that customers expect to be able to do, and we are unwilling to lose their business. (More below). If a spammer supplies a fraudulent credit card number, they have just committed a crime and can be prosecuted for that. The spam they send out, to be useful, must have a way of contacting them so that leaves a way to track down who they are. If a spammer wants to risk jail time to send out some bulk email, anything I do isn't going to stop him. You don't see junk faxes since it was made illegal. If they do supply their own credit card number, we charge $1 per intended recipient for any outgoing spam. That can quickly cost them more than they get from it and thus serves as a significant disincentive for them to spam.

> > This frequently occurs when a user accesses a mail server at work from their home dialup account. If other ISPs did this, we would have a problem where a user dialing into their ISP couldn't reach their virtual mail server, hosted on our network. We currently don't have many going the other way, but that may change.

> There's no excuse for this. The user should (and must in the proposed plan) use the mail relay operated by the ISP they dial into for *all* outgoing mail.

Ok, a customer is paying for a virtual domain service. They want their outgoing mail to appear as if they are running their own mail server, they don't want people to know they are using someone else for it. If they use their other ISP for SMTP relay, that shows up in the outgoing mail. I agree this is a minor issue for me, but it is not for some of our customers and since the customer is paying the bill, he gets what he wants.

> > In our case, this doesn't help since we and all the other local ISPs block relay access, so you have to use the mail server of the ISP you are currently connected to.

> Exactly, so what's the problem?
I was simply saying that the example the original poster gave wasn't valid, but that there were other examples which explain why it is infeasible to implement blocking all access to port 25 elsewhere.

John Tamplin                    Traveller Information Services
jat@Traveller.COM               2104 West Ferry Way
205/883-4233x7007               Huntsville, AL 35801