On Fri, 25 Feb 2005 16:51:31 +0000, Michael.Dillon@radianz.com <Michael.Dillon@radianz.com> wrote:
I'll agree with you on one thing, though -- the whole business of port 587 is a bit silly overall...why can't the same authentication schemes being bandied about for 587 be applied to 25, thus negating the need for another port just for mail injection?
Because that would require providers to act like professionals, join an Internet Mail Services Association, agree on policies for mail exchange, and require mail peering agreements in order to enable port 25 access to anyone.
You might want to check out http://www.maawg.org - at least stateside, that's about the only operational mail admin / antispam conference I know of that's attended by ISP mail system and abuse desk admins rather than assorted vendors. They've got a mtg march 1-3 in San Diego (I'll be there btw) srs
Unfortunately, providers seem to prefer unilateral heavy-handed behavior rather than acting professional. They prefer working out solutions in isolation or in small closed cabals working in secret in backrooms rather than working open to public scrutiny in an association. They prefer to operate in an environment in which there are no agreed policies for Internet email exchange rather than having a viable Internet email system in which everyone works together to add value to the users. They prefer to play secret games with blacklists, bayesian filters, hodge-podges tacked onto the Internet's DNS systems, and other antisocial behaviors rather than openly saying that people must meet certain standards in order to *SEND* email.
The Internet email architecture is based on something called *SIMPLE* mail transport protocol which its creator never intended to last for so long. It is a flat architecture and in common with other flat architectures it does not scale. If flat architectures did scale on the Internet, then everyone with a dialup would be running BGP and announcing their /32 IPv4 route.
There is no good reason why the large email providers, most of whom are network operators, do not form an open Internet Mail Services Association to hammer out the details of a new email services architecture so that everyone can sing from the same hymnbook and so that email just works, seamlessly, everywhere. I strongly suspect that a new architecture will have fewer weak points that can be exploited by spammers but spam is really a secondary problem. The real problem is that the IETF protocol development process is not the right place for email service operators to work out operational frameworks and policies.
This is an area where the United Nations and the ITU can bring about *REAL* improvements to the Internet and I hope that the existence of the WSIS will lead to this. No, I do *NOT* support the ITU taking on a governance role over the Internet. What I do support is for the companies in this industry to wake up and smell the coffee. Nature abhors a vacuum. Currently we have collectively created a vacuum which the UN and ITU *WILL* fill if we don't fill it first.
--Michael Dillon
-- Suresh Ramasubramanian (ops.lists@gmail.com)