[145924] in North American Network Operators' Group
RE: Outgoing SMTP Servers
daemon@ATHENA.MIT.EDU (John van Oppen)
Wed Oct 26 17:13:09 2011
From: John van Oppen <jvanoppen@spectrumnet.us>
To: 'Owen DeLong' <owen@delong.com>, Dennis Burgess <dmburgess@linktechs.net>
Date: Wed, 26 Oct 2011 21:12:07 +0000
In-Reply-To: <3070789B-ECE7-458F-B89C-4E2B39C265AA@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On our retail footprint we block outbound traffic from customers with dynam=
ic IPs towards port 25, our support tells them to use their ISP's port 587 =
server.... That being said, since all of our home users have 50 mbit/sec =
or greater upload speeds we are pretty paranoid about the amount of spam th=
at could be originated.
We don't block anything on static assignments. Honestly, even as a very g=
eeky user, I probably would not have noticed the block and I can confirm th=
at it is massively important to lowering our spam footprint as a network.
I asked our support people, and none of them had ever really had an issue w=
ith this policy in terms of keeping customers. I agree with Ricky's curre=
nt comment on this thread, blocking is unfortunately necessary on the moder=
n consumer portions of the internet.=20
Thanks,
John van Oppen
-----Original Message-----
From: Owen DeLong [mailto:owen@delong.com]=20
Sent: Monday, October 24, 2011 9:37 PM
To: Dennis Burgess
Cc: nanog@nanog.org
Subject: Re: Outgoing SMTP Servers
On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:
> I am curious about what network operators are doing with outbound SMTP
> traffic. In the past few weeks we have ran into over 10 providers,
> mostly local providers, which block outbound SMTP and require the users
> to go THOUGH their mail servers even though those servers are not
> responsible for the domains in question! I know other mail servers are
> blocking non-reversible mail, however, is this common? And more
> importantly, is this an acceptable practice?
>=20
It's both unacceptable in my opinion and common. There are even those
misguided souls that will tell you it is best practice, though general agre=
ement,
even among them seems to be that only 25/tcp should be blocked and that
465 and 587 should not be blocked.
>=20
>=20
> Most of our smaller ISPs that we support; we allow any outbound SMTP
> connection, however we do watch residential users for 5+ outbound SMTP
> connections at the same time. But if the ISP has their own mail
> servers, and users wish to relay though them, we basically tell them to
> use their mail server that they contract with. What is the best
> practice?=20
>=20
Best practice is to do what works and block as much SPAM as possible withou=
t
destroying the internet in the process. There are those who argue that bloc=
king
25/tcp does not destroy the internet. By and large, they are the same ones =
who
believe NAT was good for us.
Owen
