On 14-apr-04, at 1:56, John Curran wrote:
This approach has two main advantages over filtering port 25:
1. People can still talk to unlisted SMTP hosts if they feel they have a good reason to do so (ie, I get >to deliver messages directly to my server from home rather than being forced to use my service
provider's which may or may not work)
You're right... Rather than simply having you tell your provider that you're responsible and having port 25 outward opened up, the freedom for anyone to send to port 25 on an ad-hoc basis like we have today is a better idea. Today's spam isn't a problem; everything's working as designed.
I understand your frustration, but the approach of blocking port 25 isn't the right one. It may be convenient for you, but there are plenty of people who have good reasons for using other SMTP servers than their access provider's ones. And do you think people who are unable to run a good mail service will be able to selectively open up filters in a sane way? Filtering can also have a serious performance impact on some equipment. And of course this approach isn't going to work anyway: many access providers can't even be bothered to implement anti-spoofing filters, so there is no way that ALL consumer access providers are going to do this within a reasonable time frame.
The good news is that the IETF is now starting work on this, so expect results in two or three years.
Great idea: here's a case where we need less connectivity and better operational practices, but rather than take that task on, we should do more protocol work.
The idea is that new records in the DNS show which hosts are allowed to deliver mail for a domain. This means spammers must use a domain they control. That's a good start, as it makes white- and blacklisting a lot easier. However, this isn't enough. A next step would be to require that a host that is delivering mail must be flagged as a designated outgoing SMTP host for the reversed mapping domain name of its IP address. (Which obviously isn't going to happen for Joe Cable or Jane ADSL.) (There is still an issue with IPv6 though, as here everyone, including consumers, usually runs their own reverse DNS servers.)
The reality is that the vast majority of email is handed off to a designated mail relay (whether we're talking about consumer connections or office environments), and if we actually configured connectivity in this matter, there wouldn't be a problem.
I don't think cutting off one of the monster's heads will do it (there was spam in the good old days when Windows didn't do IP without installing Trumpet Winsock or something similar). There are other ways to get rid of almost all spam, but apparently for most people the pain isn't bad enough to start using them yet. (I installed Spamassasin over the weekend, and it caught 50 of 53 overnight spam messages. My client caught the remaining 3, no false positives.)