GTE/Verizon has been doing this for quite some time now (almost a year or two?). I cannot recall the last time I've received SPAM from a GTE/Verizon Internet customer since this policy. I recall before this policy was in place, we got quite a large amount of spam from *.gte.net. Additionally, as you mentioned before, the From mailbox field can be falsified. This is intended to allow you to remove yourself from mailling lists amongst other things that require you to send from your email that may be hosted else where. Some say this is a security hole, but realistically your IP will be logged by Earthlink's SMTPD in the header anyways, so an email to abuse@earthlink.com would most likely tag the users count as mischevious.. This policy combined with tarpitting and a few other anti-spam techniques seems to be the best way to run a responsible SMTPD for your access customers. Just my 2 cents.. ----- Original Message ----- From: "Crist J. Clark" <crist.clark@attbi.com> To: <nanog@merit.edu> Sent: Friday, May 10, 2002 4:22 PM Subject: Re: Earthlink SMTP for Mobile Users
I was stuck in a dial-up-only hell for a few months and used quite a bit of Earthlink dial-up. I during that time, I did a variety of tinkering of the email headers (like masquerading envelopes). It sure didn't seem to me that Earthlink cared at all what domain was in the return path. Their SMTP servers would relay _anything_ provided you're source IP was in their IP-space.
So, AFAIK, you can do whatever you want with respect to outgoing mail (any source domain in the envelope or headers that you want) and Earthlink's SMTP servers will relay it.
Not that I didn't get annoyed with the blocking from time to time. Sometimes I wanted to talk directly to a remote SMTP server with telnet to debug a client's setup or see if they were the open relay I was getting SPAM from. IIRC, you get ICMP admin-prohibited messages back when you try to connect to port 25. But I probably have to say that I think Earthlink is doing the right thing, IMHO.
Aren't the other big US dial-up providers doing this kind of thing? I assumed they all were. Despite the continuous rise in total SPAM levels, don't see very much SPAM from the US mega-huge dial-ups anymore. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org