[61418] in North American Network Operators' Group
RE: Fun new policy at AOL
daemon@ATHENA.MIT.EDU (Tony Hain)
Thu Aug 28 15:55:08 2003
From: "Tony Hain" <alh-ietf@tndh.net>
To: "'Matthew Crocker'" <matthew@crocker.com>,
"'Roland Perry'" <nanog@internetpolicyagency.com>
Cc: <nanog@merit.edu>
Date: Thu, 28 Aug 2003 12:53:16 -0700
In-Reply-To: <89081955-D962-11D7-A9DD-000A956885D4@crocker.com>
Errors-To: owner-nanog-outgoing@merit.edu
Matthew Crocker wrote:
> Shouldn't customers that purchase IP services from an ISP use the ISP's
> mail server as a smart host for outbound mail?
Look carefully at that question and find the logic error.
.......
In case you missed it, the customer purchased 'IP' service, not 'ISP mail
service'.
> We block outbound port 25 connections on our dialup and DSL pool. We
> ask our customers that have their own mail servers to configure them
> to forward through our mail servers. We get SPAM/abuse notifications
> that way and can kick the customer off the network. We also block
> inbound port 25 connections unless they are coming from our mail
> server and require the customer setup their MX record to forward
> through our mail server. We virus scan all mail coming and going that
> way. We protect our customers from the network and our network from our
> customers. We are
> currently blocking over 3k Sobigs/hour on our mail servers. I would
> rather have that than all my bandwidth eaten up by Sobig on all of my
> dialup/DSL connections.
Running a walled garden is fine as long as that is what your customers are
signing up for. One question though, why aren't you also running a web proxy
and NetNanny to protect your customers from the 'bad' content on port 80?
What makes port 25 so special?
>
> SMTP & DNS should be run through the servers provided by the ISP for
> the exact purpose. There is no valid reason for a dialup customer to
> go direct to root-servers.net and there is no reason why a dialup user
> should be sending mail directly to AOL, or any mail server for that
> matter (besides their host ISP)
This line of thinking leads us to a cabal that has complete control over
communication. Think about it, a few large organizations allow/encourage
abuse, then claim that the only resolution to the abuse is to route all
communication through the centrally controlled servers. We end up back in
the PTT style monopolies where censorship becomes trivial.
Tony