[107510] in North American Network Operators' Group
Re: ingress SMTP
daemon@ATHENA.MIT.EDU (Jeff Kinz)
Thu Sep 4 14:58:13 2008
X-Report-Abuse-To: abuse@dyndns.com (see
http://www.mailhop.org/outbound/abuse.html for abuse reporting
information)
Date: Thu, 4 Sep 2008 14:57:30 -0400
From: Jeff Kinz <jkinz@kinz.org>
To: Mark Foster <blakjak@blakjak.net>
In-Reply-To: <60044.210.54.216.162.1220493708.squirrel@webmail.blakjak.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Sep 04, 2008 at 02:01:48PM +1200, Mark Foster wrote:
> So in terms of the OP,
> I don't see why joe-user on a dynamic-IP home connection should need the
> ability to use port 25 to talk to anywhere but their local ISP SMTP server
> on a normal basis[1].
Whats a normal basis?
My Home ISP won't let me send to more than 200 (or so) email addresses
per day. If I used my ISP's email system I would constantly be losing
my email service due to hitting the limit.
I do the field scheduling for my local town soccer league.
[Never volunteer! :-) ]
So when I send a few announcements out to coaches, referees and
administrators, I hit that limit and get my email shutoff for two days
or so. I eventually switched to MailHop at DynDNS (smtp auth)
I would have used port 25 but our ISP has begun blocking outbound
port 25 nationwide, due to large amount of outbound spam from their
customers. :-)
> Theyre not doing MX lookups so theyre not going
> direct to remote MTAs[2]. Regardless of where they got the mail _from_,
> the outbound mail should be via SMTP to their local SMTP server.[3]
>
> If you separate inbound (pop3) and outbound (smtp) mail delivery in your
> thinking you can start to make sense of things (from a users perspective).
> This is always the tack i've taken when trying to educate users about why
> their email outbound doesn't work when theyre moving from ISP to ISP.
> (At which point you offer them your authenticated-another-way service,
> such as 587 with SMTP auth).
>
> [1] Customers with a specific need to do so should have the means to
> opt-out. I believe most of the ISPs in NZ who block 25-outbound from
> clients also offer this option.
>
> [2] Customers doing MX lookups are either drones or people with mail
> servers at home. The former are obviously the target of the block. The
> latter are likely going to be any one of:
>
> - Blocked by SORBS or similar as a dynamic IP
> - Running a mail server in breach of AUP
> - On a fixed IP and (theoretically) capable of securing their system and
> not being a drone or open mail relay (and being traceable via their ISP).
>
> [3] Note also [2]. Outbound mail is associated with your ISP and their
> SMTP service. Has nothing to do with inbound mail. Nothing. Nada. Zip.
>
> Or doesn't the rest of the world think like this?
>
> Mark.
>
> PS: It occurs to me that SPF has an influence here, if you're aggressively
> using it then you should also be offering alternatives to Port 25 SMTP.
> IMHO.
>
--
