[79361] in North American Network Operators' Group


Re: so, how would you justify giving users security? [was: Re:

daemon@ATHENA.MIT.EDU (John Dupuy)
Mon Apr 4 16:28:52 2005

Date: Mon, 04 Apr 2005 15:25:09 -0500
To: nanog@merit.edu
From: John Dupuy <jdupuy-list@socket.net>
In-Reply-To: <20050404142512.C3877@cgi.jachomes.com>
Errors-To: owner-nanog@merit.edu


As a point of discussion regarding port 25 filtering. Let's look at two possible future models:

For both these models, today's weak-security SMTP is still used for email. The ISP having the sender of email is called "SendISP". The ISP with the recipient mailserver is called "RecvISP".

MODEL A: ISPs filter at the source; spam is reduced
   ISPs filter outgoing port 25 traffic from networks; allowing exceptions.
   SendISP limits outgoing mail. RecvISP has less incentive to block incoming.
   If a customer of SendISP wants to run a mail server, SendISP has motivation to
   make an exception.
   Customers wanting exceptions tend to be rare.

MODEL B: ISPs filter incoming mail traffic; spam is reduced.
   ISPs increase the effectiveness of blacklists and locating dynamic IPs; allowing exceptions as requested by the mail server admins/users. (Filtering may occur at network level or in mail servers.)
   SendISP does not limit outgoing mail. RecvISP has strong incentives to block.
   If a customer of SendISP wants to run a mail server, RecvISP has almost no motivation to make a blacklist exception. RecvISP is more concerned about _their_ customers/users.

Which model really provides us with the best of both worlds: less spam yet more freedom to innovate? I would say model A does.

However, I am not convinced of this. Please pick apart my models..

(As if I have to ask...)

John

At 01:25 PM 4/4/2005, Jay R. Ashworth wrote:

> On Mon, Apr 04, 2005 at 08:46:42PM +0200, Gadi Evron wrote:
> > As a geek, do you not want the Internet to still be here *completely*
> > OPEN and FREE in the future?
>
> And this is the point question.
>
> Much innovation is due to the open end-to-end characteristic of the
> current network.
>
> By all means, let's trap port 25 where possible, for those who don't
> care (or ask), but let's not go all baby-and-bathwater by filtering
> *everything* either...
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                                                jra@baylink.com
> Designer                          Baylink                             RFC 2100
> Ashworth & Associates        The Things I Think                        '87 e24
> St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274
>
>      If you can read this... thank a system administrator.  Or two.  --me
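
An added example, not part of the original message: a small Python model of the two filtering points in Model A and Model B, showing where the exception for a customer mail server has to be granted in each. The addresses, ISP names, function names and sample data are constructed for illustration, and it assumes that in Model A the receiving ISPs do no blocking of their own.

```python
import ipaddress

# Constructed sample data; addresses are RFC 5737 documentation ranges.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")  # SendISP customer pool
MAIL_SERVER = "198.51.100.25"   # customer running a legitimate mail server
INFECTED_PC = "198.51.100.77"   # customer host sending spam directly
SEND_EXC = {ipaddress.ip_address(MAIL_SERVER)}  # exception granted by SendISP
# Each hypothetical RecvISP: (ranges it lists as dynamic, its own exceptions).
RECV_ISPS = {
    "recv1": ([CUSTOMER_NET], set()),
    "recv2": ([CUSTOMER_NET], {ipaddress.ip_address(MAIL_SERVER)}),
    "recv3": ([CUSTOMER_NET], set()),
}

def model_a_egress(src, dport, send_exceptions):
    """Model A: SendISP drops port 25 leaving customer space unless excepted."""
    ip = ipaddress.ip_address(src)
    if dport == 25 and ip in CUSTOMER_NET and ip not in send_exceptions:
        return False
    return True  # other ports (e.g. 587 submission) are untouched

def model_b_ingress(src, dynamic_nets, recv_exceptions):
    """Model B: RecvISP rejects SMTP from ranges it lists as dynamic unless excepted."""
    ip = ipaddress.ip_address(src)
    listed = any(ip in net for net in dynamic_nets)
    return not listed or ip in recv_exceptions

def reachable(src, model, send_exceptions, recv_isps):
    """Names of RecvISPs that src can deliver to on port 25 under the given model."""
    if model == "A":
        # Assumption: source filtering is the only control in Model A.
        return sorted(recv_isps) if model_a_egress(src, 25, send_exceptions) else []
    return sorted(name for name, (nets, exc) in recv_isps.items()
                  if model_b_ingress(src, nets, exc))

if __name__ == "__main__":
    for model in ("A", "B"):
        for host in (MAIL_SERVER, INFECTED_PC):
            print(model, host, reachable(host, model, SEND_EXC, RECV_ISPS))
```

With one exception at SendISP the mail server reaches every receiver in Model A, while in Model B it reaches only the receiver that chose to list it; the infected host is stopped in both.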

