On 10/25/11 12:31 PM, Ricky Beam wrote:
On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong <owen@delong.com> wrote:
Wouldn't the right place for that form of rejection to occur be at the mail server in question?
In a perfect world, yes. When you find a perfect world, send us an invite.
I reject lots of residential connections...
The real issue here is *KNOWING* who is residential or not. Only the ISP knows for sure; and they rarely tell others. The various blocklists are merely guessing. Using a rDNS name is an even worse guess.
Agreed. Don't expect a comprehensive list based upon rDNS containing specific host names with IPv6. That would represent a never ending process to collect.
However, senders who authenticate legitimately or legitimate sources of email (and yes, some spam sources too) connect just fine.
Authenticated sources can be traced and shutoff. If a random cablemodem user has some bot spewing spam, the only way to cut off the spam is to either (gee) block outbound port 25, or turn their connection off entirely. As a responsible admin, I'll take the least disruptive path. (I'll even preemptively do so.)
Blocking ports is not free, but don't expect all DSL providers to unblock port 25 unless it is for a business account. Price differentials help pay for port blocking. In a perfect world, all SMTP transactions would cryptographically authenticate managing domains for the MTA. With less effort and resources (than that needed to check block lists) IPv6 could continue to work through LSNs aimed at helping those refusing to offer IPv6 connectivity. Blocking at the prefix requires block list resources 65k times greater than what is currently needed for IPv4. IPv6 announcements seem likely to expand another 6 fold fairly soon as well. In comparison, cryptographic authentication would be more practical, but a hybrid Kerberos scheme supported by various third-party service providers could reduce the overhead. Is it time for AuthenticatedMTP? -Doug