[79365] in North American Network Operators' Group
Re: botted hosts
daemon@ATHENA.MIT.EDU (John Dupuy)
Mon Apr 4 16:48:47 2005
Date: Mon, 04 Apr 2005 15:45:01 -0500
To: Randy Bush <randy@psg.com>
From: John Dupuy <jdupuy-list@socket.net>
Cc: Nanog <nanog@nanog.org>
In-Reply-To: <16977.42583.709053.764517@roam.psg.com>
Errors-To: owner-nanog@merit.edu
My apologies to the list for sending HTML email.
A plain text version:
As a point of discussion regarding port 25 filtering, let's look at two
possible future models:
For both these models, today's weak-security SMTP is still used for email.
The ISP having the sender of email is called "SendISP". The ISP with the
recipient mailserver is called "RecvISP".
MODEL A: ISPs filter at the source; spam is reduced
ISPs filter outgoing port 25 traffic from networks, allowing exceptions.
SendISP limits outgoing mail. RecvISP has less incentive to block incoming.
If a customer of SendISP wants to run a mail server, SendISP has
motivation to make an exception.
Customers wanting exceptions tend to be rare.
MODEL B: ISPs filter incoming mail traffic; spam is reduced.
ISPs increase the effectiveness of blacklists and locating dynamic
IPs; allowing exceptions as requested by the mail server admins/users.
(Filtering may occur at network level or in mail servers.)
SendISP does not limit outgoing mail. RecvISP has strong incentives to
block.
If a customer of SendISP wants to run a mail server, RecvISP has
almost no motivation to make a blacklist exception. RecvISP is more
concerned about _their_ customers/users.
Which model really provides us with the best of both worlds: less spam yet
more freedom to innovate? I would say model A does.
However, I am not convinced of this. Please pick apart my models..
(As if I have to ask...)
John