*Hobbit* wrote:
What I'm trying to get a feel for is this: what proportion of edge customers have a genuine NEED to send direct SMTP traffic to TCP 25 at arbitrary destinations?
Probably very few.
The big providers -- comcast, verizon, RR, charter, bellsouth, etc -- seem to be some of the most significant sources of spam and malware attempts, mostly from compromised end-user machines, and it seems that simply denying *INGRESS* of TCP 25 traffic except to the given ISP's outbound relay servers would cut an awful lot of it off at the pass.
I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL connectivity at that. I'm all for that personally. It was a minor effort to setup my charles@thewybles.com address to be allowed out (had to fill out a webform and click a verify link). Since most people use the address given to them by the provider and most likely use webmail this certainly won't affect them. To top it all off I can fill out another web form and specifically request unblocking of ports and relay out mail server wherever I want. So SBC has a policy of deny SMTP relaying by default, provide clear instructions to allow outbound relay via approved server farm if you don't want to be blocked request unblocking via a self service web form. Seems perfectly acceptable to me. Thoughts? -- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project