This is a discussion on Re: outbound failure limiting - the next phase in the spam war? within the mailing.postfix.users forums, part of the Mail Servers and Related category.
John Pettitt wrote:
>
> Jorey Bump wrote:
>
>> I doubt if port 25 blocks are as prevalent as indicated. It would
>> cause too many problems for road warriors and sites that use SPF or
>> SenderID. I know I would drop my ISP in a heartbeat if they forced
>> me to use their unreliable/insecure relays instead of my own.
>
> Many ISPs are going to 25 blocks for dynamic addresses - mine
> (sonic.net) just added it for static addresses with an opt out that
> lets users run their own servers.

It's not really an issue of running servers on dynamic (or even static) IP addresses, it's an issue of *client* access to corporate or other relays. In a lot of cases, it's not appropriate to use the ISP to relay mail.

A port 25 block isn't the end of the world, of course. Admins could quickly adapt by using submission port 587 (and in the process upgrade a *lot* of broken clients that may ironically be responsible for some of the problem in the first place). If this practice catches on in a responsible way (require SMTP AUTH w/STARTTLS), maybe ISPs won't block that port...

> Authentication isn't going to
> solve the problem because the bad guy owns the client which has the
> authentication information stored on it. Once you're on the PC it's
> trivial to hijack the mail server settings (authentication and all).

Possibly, but it's much less trivial than using your ISP's open relay, and really does help narrow the options for the abuse of zombies.

> What sparked this conversation was an ISP mail server being added to a
> block list because of a hijacked client spewing spam.

Understood. Every solution seems to spawn a new problem.
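As an added illustration that is not part of the original thread: requiring SMTP AUTH ties each outbound message to an account, so a mail server operator can count failed deliveries per authenticated user and spot a hijacked client before the server lands on a block list. The log lines below are constructed in simplified Postfix syslog style, and the thresholds `max_ratio` and `min_total` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (simplified Postfix syslog style, not from the thread).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx postfix/smtpd[101]: A1B2C3: client=dsl-1.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jan 10 09:00:02 mx postfix/smtp[201]: A1B2C3: to=<bob@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Jan 10 09:00:03 mx postfix/smtp[201]: A1B2C3: to=<old@example.org>, relay=mx.example.org[198.51.100.5]:25, status=bounced (550 no such user)
Jan 10 09:01:00 mx postfix/smtpd[102]: D4E5F6: client=dsl-2.example.net[192.0.2.20], sasl_method=LOGIN, sasl_username=carol
Jan 10 09:01:01 mx postfix/smtp[202]: D4E5F6: to=<a1@example.com>, relay=mx.example.com[203.0.113.7]:25, status=bounced (550 no such user)
Jan 10 09:01:01 mx postfix/smtp[203]: D4E5F6: to=<a2@example.com>, relay=mx.example.com[203.0.113.7]:25, status=bounced (550 no such user)
Jan 10 09:01:02 mx postfix/smtp[202]: D4E5F6: to=<a3@example.com>, relay=mx.example.com[203.0.113.7]:25, status=bounced (554 rejected)
Jan 10 09:01:02 mx postfix/smtp[203]: D4E5F6: to=<a4@example.com>, relay=mx.example.com[203.0.113.7]:25, status=sent (250 ok)
Jan 10 09:02:00 mx postfix/smtpd[103]: 0A1B2C: client=mail.example.org[198.51.100.5]
Jan 10 09:02:01 mx postfix/smtp[204]: 0A1B2C: to=<x@example.net>, relay=mx.example.net[203.0.113.9]:25, status=bounced (550 no such user)
"""

# Queue ID and account from an authenticated submission.
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=.*sasl_username=(\S+)")
# Queue ID and final status of one outbound delivery attempt.
DELIV_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>, .*status=(\w+)")

def failure_rates(log_text):
    """Return {sasl_username: (bounced, total)} for authenticated submissions."""
    owner = {}                           # queue ID -> authenticated user
    stats = defaultdict(lambda: [0, 0])  # user -> [bounced, total]
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
            continue
        m = DELIV_RE.search(line)
        if m and m.group(1) in owner:    # skip mail with no SASL identity
            s = stats[owner[m.group(1)]]
            s[1] += 1
            if m.group(2) == "bounced":
                s[0] += 1
    return {user: tuple(s) for user, s in stats.items()}

def over_limit(log_text, max_ratio=0.5, min_total=4):
    """Accounts whose bounce ratio exceeds max_ratio over at least min_total deliveries."""
    return sorted(user for user, (bad, total) in failure_rates(log_text).items()
                  if total >= min_total and bad / total > max_ratio)

if __name__ == "__main__":
    print(failure_rates(SAMPLE_LOG))
    print(over_limit(SAMPLE_LOG))
```

Accounts returned by `over_limit` are candidates for throttling or a password reset; the unauthenticated message in the sample is ignored because it has no account to attribute it to.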