John R. Levine writes:
And since we're on this topic, at NANOG in Scottsdale we suggested that ISPs firewall in their users so the only port 25 connections they can make are to the ISP's own SMTP server, so the ISP can stamp outgoing mail with the actual sender ID and possibly do volume monitoring and choking. (You could either block connections or other systems, or warp them to your own servers, and you'd need provision for exceptions for people who send in a signed AUP, etc.) How far is that from being feasible for POP farm customers?
It is pretty easy to filter port 25 connections from the ranges in question.

I will also point out that many of the recent "smurf" attacks and similar problems people are having on the net would be gone if people would just carefully filter internal/external addresses on their border machines, that is, prevent packets claiming to be from "inside" networks from coming in from the "outside", and prevent packets claiming to be from "outside" networks from going out from the "inside".

The latter will stop your network from *ever* being the source of a wide variety of packet forgery attacks, and is necessary to being a good network citizen. The former will stop your network from being the subject of a wide variety of packet forgery attacks, and is necessary to make your customers even remotely safe on the net.

I've been thinking of surveying randomly selected networks to see how many people are actually taking these (critical and necessary) steps.

Perry
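The two border checks and the port 25 restriction discussed in this thread, modelled as one decision function. This is an added example, not part of either message; the prefixes, relay address, dial-up pool and exemption list are constructed sample values, and `border_decision` is a hypothetical name.

```python
import ipaddress

# Constructed sample values (documentation prefixes), not from the thread.
INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/24")]
ISP_SMTP = ipaddress.ip_address("192.0.2.25")           # hypothetical ISP relay
DIALUP_POOL = ipaddress.ip_network("198.51.100.0/24")   # hypothetical POP farm range
SMTP_EXEMPT = {ipaddress.ip_address("198.51.100.77")}   # customer with a signed AUP


def is_inside(addr):
    """True if addr belongs to one of our own prefixes."""
    return any(addr in net for net in INSIDE_NETS)


def border_decision(arrived_on, src, dst, dst_port=None):
    """Return (action, reason) for a packet seen at the border.

    arrived_on is "outside" for packets coming in from the Internet and
    "inside" for packets from our own networks heading out.
    dst_port is the TCP destination port, if any.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if arrived_on == "outside":
        # Ingress check: nothing arriving from outside may claim our addresses.
        if is_inside(src):
            return ("drop", "inside source arriving from outside")
        return ("pass", "ok")
    if arrived_on == "inside":
        # Egress check: nothing leaving may claim an address we do not own.
        if not is_inside(src):
            return ("drop", "outside source leaving from inside")
        # Port 25 rule: dial-up customers reach only the ISP relay,
        # unless they are on the exemption list.
        if dst_port == 25 and src in DIALUP_POOL:
            if dst != ISP_SMTP and src not in SMTP_EXEMPT:
                return ("drop", "port 25 allowed only to ISP relay")
        return ("pass", "ok")
    raise ValueError("arrived_on must be 'inside' or 'outside'")
```
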