[52139] in North American Network Operators' Group


Re: How do you stop outgoing spam?

daemon@ATHENA.MIT.EDU (Dave Crocker)
Mon Sep 16 14:50:35 2002

Date: Mon, 16 Sep 2002 11:40:13 -0700
To: woods@weird.com (Greg A. Woods)
From: Dave Crocker <dhc2@dcrocker.net>
Cc: nanog@merit.edu
In-Reply-To: <20020916181102.3CFCCA@proven.weird.com>
Errors-To: owner-nanog-outgoing@merit.edu


At 02:11 PM 9/16/2002 -0400, Greg A. Woods wrote:
> > 2. The issue with email is authentication, not privacy.  Authentication can
> > be achieved easily over port 25, without encryption.
>
>Well, no, not securely it can't.  You cannot have a secure authenticated
>service running over a raw TCP circuit across public networks.

1.  You are adding to the requirement.  No matter how reasonable or 
advisable, encryption (privacy) is a separate function from 
authentication.  And the rationale for doing port 25 port blocking has to 
do with accountability, not privacy.

2.  Just so there is no confusion, I meant encryption as in privacy 
(content encryption) rather than as part of an authentication mechanism.

3.  SMTPAUTH does not require an alternate port, yet it is sufficient for 
ensuring accountability.  Hence it is sufficient for dealing with the 
reason that port 25 is blocked, without requiring that it be blocked.


> >  Hence, blocking port 25 blocks legitimately validated email,
> > as well as possible spam.
>
>Well, yes, but obviously that doesn't matter.  This is the real world Dave.

Thanks for noticing that.  That is why I keep citing the impact on real, 
mobile users and the implication for such minor opportunities such as 
wireless hotspots.

d/


----------
Dave Crocker <mailto:dave@tribalwise.com>
TribalWise, Inc. <http://www.tribalwise.com>
tel +1.408.246.8253; fax +1.408.850.1850

