Mark Foster <blakjak@blakjak.net> writes:
On Fri, 5 Sep 2008, Mikael Abrahamsson wrote:
We don't allow most of our residential customer base to speak SMTP TCP/25 to anywhere at all (and we have millions of them). Wish more ISPs would do the same.
Probably fair enough, if you as an ISP can get away with enforcing this sort of policy then so much the better.
However relaying through your own ISP's 25/tcp should surely then make it relatively easy for noise to be tracked down and nailed at the source - by ISPs? (Do abuse@ desks investigate spam these days?)
As others have noted, intercepting 25 breaks SPF. It also gratuitously creates weird anomalous behaviour that is much harder for a reasonably clued person to debug than a simple blocked port, so it's more likely to buy you a help desk call (with a subtle problem that your level 1 folks probably can't get sorted anyway). Perhaps you aren't in a position where you have to care about the balance sheets, but keeping the load off the help desk is a wonderful thing to do in terms of cost control.

Doing traffic analysis looking for noise is just extra work for your abuse people - when I was setting policy for this sort of thing we put a cap at 1000 discrete destinations per day per authenticated user (with a daily report of who'd busted it, and most days the report was 0) and only once ran into a problem where someone was legitimately trying to send mail to a bajillion people and called the help desk.

-r
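
The per-user destination cap described in the last message, sketched as an added example that is not part of the original thread or any poster's code. It assumes "discrete destinations" means distinct recipient addresses, that "busted" means strictly more than the cap, and that submissions are available as (day, authenticated user, recipient) records; all names and sample data are constructed.

```python
from collections import defaultdict

DAILY_CAP = 1000  # discrete destinations per authenticated user per day (from the post)

def constructed_records():
    """Constructed sample data as (day, auth_user, recipient) tuples."""
    day = "2008-09-05"
    yield day, "alice", "bob@example.org"
    yield day, "alice", "Bob@example.org"      # same destination, different case
    yield day, "alice", "carol@example.net"
    for _ in range(5000):                      # high volume, one destination
        yield day, "list", "archive@example.org"
    for i in range(DAILY_CAP + 1):             # 1001 distinct destinations
        yield day, "bulk", f"user{i}@example.com"
    yield "2008-09-06", "bulk", "user0@example.com"   # counter resets per day

def distinct_destinations(records):
    """Map (day, user) -> set of distinct recipient addresses seen that day."""
    seen = defaultdict(set)
    for day, user, rcpt in records:
        seen[(day, user)].add(rcpt.lower())    # assumption: compare case-insensitively
    return seen

def daily_report(records, cap=DAILY_CAP):
    """Sorted (day, user, count) rows for users over the cap; empty on most days."""
    seen = distinct_destinations(records)
    return sorted((d, u, len(r)) for (d, u), r in seen.items() if len(r) > cap)

def would_exceed(seen, day, user, rcpt, cap=DAILY_CAP):
    """Submission-time check: would accepting rcpt push this user past the cap?"""
    dests = seen.get((day, user), set())
    return rcpt.lower() not in dests and len(dests) >= cap

if __name__ == "__main__":
    for row in daily_report(constructed_records()):
        print("over cap: %s %s %d" % row)
```

Counting distinct destinations rather than messages is what keeps a user who sends thousands of messages to one address out of the report.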