On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:
I am curious about what network operators are doing with outbound
SMTP
traffic. In the past few weeks we have ran into over 10 providers, mostly local providers, which block outbound SMTP and require the users to go THOUGH their mail servers even though those servers are not responsible for the domains in question! I know other mail servers are blocking non-reversible mail, however, is this common? And more importantly, is this an acceptable practice?
It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be blocked.
[dmb] I would agree, for residential customers, if they use the "ISP" domain, then yes they should relay though the ISPs mail server. For business customers and other residential customers that do NOT use the ISP domain, then I think they should use their own mail server that they already pay for.
Most of our smaller ISPs that we support; we allow any outbound SMTP connection, however we do watch residential users for 5+ outbound
SMTP
connections at the same time. But if the ISP has their own mail
servers, and users wish to relay though them, we basically tell them to use their mail server that they contract with. What is the best practice?
Best practice is to do what works and block as much SPAM as possible without destroying the internet in the process. There are those who argue that blocking 25/tcp does not destroy the internet. By and large, they are the same ones who believe NAT was good for us.
Owen
[dmb] Lots of smaller ISPs out there run thousands of customers though NAT and I can see the need to properly "monitor" the SPAM activity on those IPs, not saying that is right, but I do see the point, in this event. But for ISPs that are handing out publics, I don't see how blocking outbound Port 25 helps, other than makes more support calls for the end users. Keep in mind that, ATT DSL and the local cable co here in STL, both block outbound port 25, but a simple phone call or e-mail to their support and they will remove the block.