> I have to COMPLETELY disagree. An ISP that blocks OUTBOUND
> access to ANY legal/conforming site or service is being
> overly restrictive.
But they have a right to ensure that, and by forcing you to put that traffic
through their server first, they at least have an opportunity to check it.
If they force it and don't check, I agree that's overly restrictive. But if
they're checking, more power to 'em in my book.
> If I want to send spam mail I can and will [I DO NOT] by
> simply running a WebService on my external site and talking
> to that from within the ISP domain.
That may be true, but look at who you are dealing with. Many of them really
don't have a clue how all this works, they just buy some mass-mailing email
package specifically built for spamming, buy/make/scrape lists, and have at
it. I'd wager that most of them bought the package from a spam they
received. Regardless, they don't have a clue how it really works and why.
Some of them don't even bother to change data in fields where it says
"<changethis>". The kind of plumbing you are talking about, although
relatively simple, is out of reach of their technical skill (which is
negligible).
ISPs are also dealing with worm- and bot-infected servers and clients on
their networks spreading email-based infections or becoming remote platforms
for spamming. Here we sit in 2004 and people still don't get that you MUST
protect yourself from viruses, and that IF your machine becomes a vector YOU
are responsible for it and YOU MUST clean it up. ISPs have long been
chasing people who have infected machines who are mass-mailing worms to
other systems in huge volume, and in many cases people do nothing about it
because they don't know what to do and it isn't affecting their operation of
their system as far as they can tell. Despite warnings from ISPs, coverage
in mass-media, and monthly dire warnings from Nostradamus Symantecus, people
still open attachments in email from people they don't know, and they still
run their systems without any kind of virus protection, still connect their
machines without a firewall (or turn it off because it's "getting in the
way"), and set up their home wireless networks without security of any kind.
The time spent by ISPs chasing the lazy and the clue-challenged is
escalating, and they have to do something to relieve that, or the cost of
that effort is going to be distributed to all of us.
There has to be a balance. And people have to get used to the idea that the
Internet isn't the Wild West any more. It was great when we were all
students and working cooperatively to connect each other, share information,
and experiment with the possibility that one day you'd be able to talk to
someone behind the iron curtain surreptitiously about your theories in
particle physics or what makes a really good beer. Times have changed. You
can't just do what you want when you want, all for free or close to it, and
demand that it work perfectly all the time as well. It's a global
community, and you have to take responsibility for your role in it, work by
its rules, and be adaptable as they change.
> Blocking outbound access
> provides NO benefit to ANYONE [except lazy ignorant fools!]
I can't respond to this except to say that aside from the fact that this
statement is inappropriately inflammatory and doesn't reflect well on your
argument, it's completely baseless.
> It DOES prevent me from using ShadowMail [which runs on in
> conjunction with my SMTP and POP3 accounts on my server(s) in
> Denver and allows review of all inbound and outbound mail
> messages for a limited time from ANY (secure) site]. It DOES
> prevent me from using MailAuthorizeIT [which utilizes the
> originating IP and MAC of a message for authentication!]
>
> It also makes it more difficult for me to service over 500
> clients who have Exchange Server Hosted on my Denver based
> servers. [Please NO blasting of MS products in response to
> this thread <g>]
Hmmm, I think that's a good use for a VPN (assuming that's a corporate
service you're referring to). Or how about just choosing another port? Set
up an MTA that will only forward to your Exchange server, and put it on port
50025. I'm not sure all MUAs allow you to configure the SMTP port, but all
the ones I use do (and for the record, I mostly use Microsoft-provided
MUAs).
In any case, I don't think I'm going to change your opinion, and you
certainly will not change mine. There's been some impassioned discussion of
this topic on the NANOG mail list recently as well, I think people are as
divided on it as you and I are. But I think everyone can agree that between
spamming and mass-mailing worms, the simple elegant utility of email is
being brutally tarnished.
--Patrick
Received on Thu Sep 02 2004 - 13:47:25 BST
This archive was generated by hypermail 2.3.0
: Fri Oct 10 2014 - 23:37:26 BST