[104839] in North American Network Operators' Group
RE: amazonaws.com?
daemon@ATHENA.MIT.EDU (Tony Finch)
Wed May 28 07:00:00 2008
Date: Wed, 28 May 2008 11:59:39 +0100
From: Tony Finch <dot@dotat.at>
To: michael.dillon@bt.com
In-Reply-To: <D03E4899F2FB3D4C8464E8C76B3B68B00295E64C@E03MVC4-UKBR.domain1.systemhost.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, 27 May 2008, michael.dillon@bt.com wrote:
>
> But a more advanced intelligence will wonder why we have to have an SMTP
> server architecture that invites attacks. Why, by definition, do SMTP
> servers have to accept connections from all comers, by default? We have
> shown that other architectures are workable on the Internet, where
> communications only take place between peers who have prearranged which
> devices talk to which. This worked for USENET news and it works for
> exchanging BGP route announcements.
Of course there's no unwanted traffic on USENET or BGP. Everyone de-peers
Tiscali when their customers' compromised home computers perform DDOS
attacks.
> As long as we don't fix the architecture of Internet email, we
> are stuck with the catch-22 situation that Amazon, and all hosting
> providers find themsleves in. These companies really have no choice
> but to allow spammers to exploit their services until the spamming
> is detected, either proactively by the provider, or reactively by
> a complaint to their abuse desk.
Nothing prevents Amazon from implementing a hierarchial email delivery
network for their little corner of the net. They just have to block
outgoing port 25 and require their users to use Amazon's smarthosts.
I don't see how, in your preferred replacement email architecture, a
provider would be able to avoid policing their users to prevent spam
in the way that you complain is so burdensome.
Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
HUMBER: SOUTHEAST VEERING SOUTHWEST 5 TO 7, PERHAPS GALE 8 LATER. MODERATE OR
ROUGH. THUNDERY RAIN, FOG PATCHES. MODERATE, OCCASIONALLY VERY POOR.
