Matthew Crocker wrote:
Shouldn't customers that purchase IP services from an ISP use the ISP's mail server as a smart host for outbound mail?
Look carefully at that question and find the logic error. ....... In case you missed it, the customer purchased 'IP' service, not 'ISP mail service'.
We block outbound port 25 connections on our dialup and DSL pool. We ask our customers that have their own mail servers to configure them to forward through our mail servers. We get SPAM/abuse notifications that way and can kick the customer off the network. We also block inbound port 25 connections unless they are coming from our mail server and require the customer to set up their MX record to forward through our mail server. We virus scan all mail coming and going that way. We protect our customers from the network and our network from our customers. We are currently blocking over 3k Sobigs/hour on our mail servers. I would rather have that than all my bandwidth eaten up by Sobig on all of my dialup/DSL connections.
Running a walled garden is fine as long as that is what your customers are signing up for. One question though, why aren't you also running a web proxy and NetNanny to protect your customers from the 'bad' content on port 80? What makes port 25 so special?
SMTP & DNS should be run through the servers provided by the ISP for the exact purpose. There is no valid reason for a dialup customer to go direct to root-servers.net and there is no reason why a dialup user should be sending mail directly to AOL, or any mail server for that matter (besides their host ISP).
This line of thinking leads us to a cabal that has complete control over communication. Think about it, a few large organizations allow/encourage abuse, then claim that the only resolution to the abuse is to route all communication through the centrally controlled servers. We end up back in the PTT style monopolies where censorship becomes trivial.

Tony