On 9/5/12, Sean Harlow <sean@seanharlow.info> wrote:
While I've clearly been on the side of "don't expect this to work", "why do you have your laptop set up like that?", and defending the default-blocking behavior on outbound, this is not true at least for Gmail. I have a test Asterisk box which I've been really lazy about setting up properly that
I would still file it under... yes, there will probably be many mail hosts you can contact that way. It will be understandable if many block it, but they don't have to. If they give you a smart host, then you should use that. End-to-End doesn't imply control of the routing in-between smtp origin and destination.

It will also be understandable if the ISP blocks outbound port 25, but they don't have to. Personally I would rather they not -- blocking port 25 doesn't make the underlying problem go away; it's just a way of "hiding the problem", so the ISP isn't pestered about it.

By blocking port 25, the ISP doesn't receive a spam complaint for blocked non-legit activity, so they have fewer network abuse reports to deal with. Fewer users to turn off = fewer angered users switching to other providers (even if turning off the user in response to spam will help the user, by alerting them to their compromised computer).

End user having to use a smart relay host increases latency and introduces a point of failure (ISP mail relay can fail or perform unacceptably even when the network has no issues). If you have the intelligence on your laptop to properly contact MX hosts, the restriction can be a hindrance, and it is difficult to justify.

The ISP could block port 25 on report of abuse; but I suppose... incident handlers' time reading abuse reports = $$$

Once the large ISPs do the math, it is understandable if their ISP organizations' management eventually opts to block port 25. For the ones who didn't choose to do that; presumably sufficient users complained or they feared the competition would be strengthened or charged with their unpopular choice.

My idealistic preference would be the ISP allows outbound port 25, but is highly responsive to abuse complaints; that way, the problem will be corrected, instead of festering, until some day the laptop gets plugged into some network that happens to allow the port.

Or spreads the infection, because of the port 25 block, the problem goes undetected and contributes to making the overall worse. Just because a compromised host can't connect on port 25 doesn't mean it is not a significant contribution to the problem. Spreading infection via other vectors; spamming via other vectors such as IM, Forum posts, HTTP contact/feedback forms... There are plenty of abusive non port-25 activities that ultimately facilitate spamming.

--
-JH