--On 14 April 2004 12:17 +0300 Petri Helenius <pete@he.iki.fi> wrote:
How many MUAs default to port 587? How many even know about 587 and give it as an option other than fill-in-the-blank?
So until they do, treat unauthenticated port 25 connections skeptically, and authenticated port 587 connections not skeptically. Skeptically might defined as: do not allow connections from outside known IP's and reply "550: Denied - please see http://myisp.net/relay.html" which explains how to fix your mail client. <metaargument> Not to pick on you in particular: This argument (at least on NANOG) seems to be characterized by the following 1. A suggests X, where X is a member of S, being a set of largely well known solutions. 2. B1 ... Bn, where n>>1 says X is without value as X does not solve the entire problem, each using a different definition of "problem". 3. C1 ... Cn, where n>>1 says X violates a "fundamental principle of the internet" (in general without quoting chapter & verse as to its definition, or noting that for its entire history, fundamental principles, such as they exist, have often been in conflict, for instance "end-to-end connectivity", and "taking responsibility for ones own network" in the context of (for instance) packets sourced from 127.0.0.1 etc.) 4. D1 .. Dn, where n>>1 says X will put an enormous burden on some network operators and/or inconvenience users (normally without reference to the burden/inconvenience from the problem itself, albeit asymmetrically distributed, and normally without reference to the extent or otherwise that similar problems have been solved in a pragmatic manner before - viz route filtering, bogon filtering etc.) 5. E1 .. En, where n>>1 insert irrelevant and ill-argued invective thus obscuring any new points in 1..4 above. 6. Goto 1. It may be that NANOG (mailing list) is a particularly unproductive place to discuss tackling the spam problem, but I don't know of anywhere less bad. In my view, we have to recognize: A. The problem is complex, else it would have been solved by now. There is unlikely to be a single silver-bullet solution. Any solution will be a composite of multiple different solutions, none of which alone (possibly together) will be perfect. B. Solutions need to be proportionate to what they achieve - where they challenge "fundamental principles" we need to evaluate that in the context of why those fundamental principles exist in the first place. C. Many solutions require hard work by network engineers. That is the value add. The problem is asymmetric which means that at least some part of the solution must have some normative component (see, for example, route filtering) as far as network operators are concerned. D. There also needs to be a normative component as far as users are concerned. Much of the behaviour we seek to change is not reliably distinguishable from acceptable behaviour at a technical level; whilst we may be able to improve that with better technology or simply different default settings, technology alone is not going to produce a solution in the absence of (say) AUPs and/or legislation. <metaargument> Alex