[ On Wed, October 29, 1997 at 18:14:38 (-0600), John A. Tamplin wrote: ]
Subject: Re: Spam Control Considered Harmful
On Wed, 29 Oct 1997, Dalvenjah FoxFire wrote:
Is there a good reason why the throwway folks (those mentioned above) haven't blocked port 25 from their dialups to the outside internet?
We are an ISP and we don't block our dialups from going to port 25 elsewhere because this would eliminate their ability to rightfully use another mail server.
That's all fine and dandy just so long as you trust your customers and you are certain they will adhere to your AUP. However if you offer cheap dial-up accounts that can be opened either immediately, perhaps with a credit card number, then you've got no real way to establish *any* level of trust with your new customers and indeed the only way you can enforce your AUP is by technical means. I.e. if your AUP says no spamming then you *must* implement controls that prevent new customers from spamming. Period. Otherwise Joe Spammer just buys a one-time (throw-away) account from you and violates your AUP under false pretenses. I've even heard first-hand rumours that many spammers offer fraudulent credit card numbers and personal identification so you can't even try to bill them extra for breaking their contract.
This frequently occurs when a user accesses a mail server at work from their home dialup account. If other ISPs did this, we would have a problem where a user dialing into their ISP couldn't reach their virtual mail server, hosted on our network. We currently don't have many going the other way, but that may change.
There's no excuse for this. The user should (and must in the proposed plan) use the mail relay operated by the ISP they dial into for *all* outgoing mail. Only under a full roaming system where authentication information originates from the "home" ISP can you allow the user to connect to any other mail relay server, and in fact in this case you probably want to restrict them to only thie rhome ISP's mail relay server and not allow them to use your own local mail relay server.
In our case, this doesn't help since we and all the other local ISPs block relay access, so you have to use the mail server of the ISP you are currently connected to.
Exactly, so what's the problem? -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>