On Fri, 3 Aug 2001, Joe Shaw wrote:
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Whatever. If you find the service valuable, then you'll pay for it, if you don't, then don't use it and go away.
Valuable? Hehe. FYI, NetSide is on the MAPS RSS blackhole list:
Mitch, some of us would say that anyone who is there because of operating an open relay is a good thing.
With the same reasoning, you may then blackhole all free email services that do not id their customers with a valid credit card as well. What's the difference? Legally, not technically, I mean. Anyone could subscribe in anonymity to a free service and send you a nastygram, for example. Hey, let's blackhole free websites that bother us too, while we're at it.
http://www.dotcomeon.com A detailed account of our "crimes"...
And enough paranoid rambling about giving up control of your network to Vixie and the government to make even me think you're a loon.
Let me make this clear: I would turn over control to the US government for any network function that the law in force requires. Conversely, no private party or foreign entity operating by their own laws, or outside the law, has the right to dictate rules to any provider. The loons are those short-sighted nerds that willingly give an inch to anyone bullying them on the Internet. I wouldn't give in to something like this even outside cyberspace, out of pure conviction.
You also talk about how things have always been. Lord knows that The Internet has not evolved over the past 6 years, right Mitch? The argument that sendmail has by default traditionally been implemented in an open relay configuration or that sysadmins are too lazy to change the default config are not strong arguments for your cause as there are technological improvements to the existing standards that make it possible to relay messages for remote users without running an open relay. Cry all you want, but the times have changed, and you either evolve or you die.
Funny thing is, we're blackholed for over a year now and still kicking! Evolution doesn't necessarily lead to progress. Or maybe, not all things evolve into something good. In this case, taking away a functionality for the comfort of the few giant providers with national coverage, to the detriment of ordinary users and small providers can hardly constitute progress. This whole thing started because some ISPs weren't disconnecting abusers, and evolved into an inquisition where you are blacklisted for refusing mail-abuse.org the privilege of probing your server! Let me quote an early Vixie on the subject: "we at MAPS consider that probing to be, itself, a kind of network abuse". (http://www.dotcomeon.com/vixie_sendmail_qa.html) Now read http://www.dotcomeon.com/nph-rss-remove-blocking.html
Hell, you're not even protecting your customer's privacy and account information by allowing people to expn and vrfy accounts via your mail server. And even if you turned that off, since you allow mail relaying from anyone, a person looking to harvest accounts or just get account data could send an e-mail posing as that person to himself and you'd never be the wiser.
Believe it or not, whenever someone relays a message from anywhere, the ip is clearly identifiable. Now all you have to do is trace the source and notify the spammer's provider, who should be the one responsible for booting the offender.
You want to run an open relay, and that's your right to do so. It's your hardware, your software, and your time. But because you run a mail server does not mean that The Internet at-large has to accept mail from you if every goon thinking we need ink jet refills or the latest porn can send mail through your server that ultimately reaches our inboxes. We have the right to use a service that promises to stop that from happening.
The goon may be YOUR customer. Or another provider who shares your views. Why should I be held responsible to prevent your or your pal's customer from doing evil?
If you don't like that, then do something constructive about it other than whining on NANOG. Every time you post to NANOG it's either on this subject directly or you move the topic to talk about it.
Well, we all tackle the topics that interest or irk us most. You, as a Network Security Specialist, want everything locked up tight. Me, as a provider, want the freedom to conduct my business in peace, and want my users considered innocent until proven guilty. Let the one that first brought up MAPS in this thread be stoned. We can't all be cheerleaders either, or we would have nothing to argue about. --Mitch NetSide