There is still plenty of opportunity to make lots of money on this. Aside from wanting to see certain changes in the kernel, like support for certain devices and certain processors, what the industry wants is to bypass competition. As you say, they want to lock it in their way. Ironically, everyone, including they, benefit from from the competition and openness, because they cannot be locked out by someone else.
The other thing business likes, but is bad, is pushing things to be delivered before it's ready. Linux's great advantage in my mind is that Linus won't release it as official until it's ready. Now I was running 2.4.0-test10 on several machines before 2.4.0 came out. But business seems to want to have it now, but doesn't want to call it anything but the final release. If Linus had released it early, you might have 2.4.0-test10 or some other earlier version. It wouldn't be any better if it were called 2.4.0. But it would be a lie if the developer-in-chief didn't think it was ready. I trust Linus far more than software marketing types. Their schedules and deadlines (which is what runs business now) are for the birds. And I'm glad Linux works the way it does.
The decision making processes in a corporation are rather chaotic at best. First, there are politics. But most of it is CYA2KYJ politics. Profit drives most of the rest. Decisions are often delayed by management, then finally made a couple days after arbitrary deadlines imposed on the budget limited small staff of underpaid people to work miracles of quickly pulling code out of their.......
They're free to go make their own. That's what true free and open software is all about. If Microsoft or some other company wanted to make their own distribution, or fork the kernel their own way, they are certainly free to do so, under the openness requirements of GPL. That allows us to go pick and choose what they develop to include, or not include, in our version.
I have to strongly disagree with the notion marketing and management sometimes are to blame as I believe that they are almost always to blame. But it's not always pushing to get a product out faster, though that certainly is a huge problem. The first web project I did, I completed it in 6 weeks, including all the testing, when it had been originally estimated by middle management to be 6 months. I got called in to the meetings because I ran the servers it would run on, but ended up developing the whole thing, which ran bug free and fast. The department the project was for loved it. But management treated it as a NEGATIVE on my semi-annual review (so I started job hunting then).
There are, of course, some bad programmers out there. And maybe my view is biased because I'm not a bad programmer. But there is certainly a good supply of bad middle level management out there. This I know.
There is some fallout blocking happening. You may be blocked as a result of someone else sending spam. Send me a private reply by email and tell me what IP your mail goes out from, and I can take a look and see what specifics I can discover. I am using RBL, DUL, RSS, and a blocking zone of my own. If you can get to me, then @Home is blocking on some other basis. But I can only guess without specifics (and may still only be able to guess then).
Blocking spam is an imperfect art. Yes, legitimate mail is going to be blocked in some cases. But choosing methods to block spam which provides at least a way for legitimate mail to be sent around the blockade is preferrable, because then the sender can at least do something about it.
People have suggested to me to use procmail to filter out spam. But when I prompt them for a good set of rules that work, so far 100% have balked, giving excuses like "every situation is different". I block dialups and relays not just to reduce spam to my mailbox, but to also reduce spam to the mailboxes of every customer. This in turn reduces complaints from customers. So far not a single customer has complained about losing legitimate mail, but I do have a means ready for any customer to opt out of the blockade and receive unblocked mail. It will be their choice, but they seem to be happy as is.
If you do fire a sysadmin for subscribing to the DUL, send them to me. If I have an opening, I might just hire them. Ultimately the decision to do any filtering on any basis whatsoever is a decision to be made by those with the authority in the business. But based on my experience, it is a wise decision to use DUL. But I would not use ORBS.
Asking people to turn off those filters and just accept being spammed as a result is not really practical, either. The RFCs don't actually mandate that everything has to be one big internet. It's not unlike any other firewall filtering where someone makes a policy decision about what they do or do not want to do, or offer to their customers, or support.
If blocking port 25 is brain dead (and I'm not really saying it isn't) then what is the alternative..... that accomplishes as much spam reduction? Unfortunately, the design of the internet didn't really take into account the commercial proliferation we have today. We need some sort of secure mail transfer. Even with that, the problems won't go away. Even if we could authenticate exactly who sent every piece of mail at every hop with no chance of forgery, we'd still have the issue of having to decide who we want to accept mail from, and who we don't want to accept mail from. The concept of filtering is here to stay no matter what else we do.
When I was working at this one small ISP (sysadmin, not tech support), there were a shortlist of customers that tech support was authorized to forward direct to me on just their asking. One of them happened to be a CCIE working for a major telco doing their internet routers. After that first conversation where I asked why he was using us (because he didn't trust his own employer's network WRT privacy) he was actually useful because he would pin down exactly where problems were before calling, and I knew I didn't have to do the trackdown myself.
But yes, you can get morons claiming to be gurus (because they installed a computer at work and it worked). I still think a direct line like that could be useful, but it should be given out sparingly, only when merited, and probably with some access code that could be revoked. OTOH, rot13 has been a reasonable filter, so far, on my email address.
Not all geeks do, and it is true that web sites are hitting up bandwidth providers for all customers more and more. But geeks do tend to stay online a lot longer, and download the latest FreeBSD, Linux, and MP3s. But perception plays a big role in this, too. The perception is probably more extreme than the reality.
If they use a collection agency, they usually get nothing unless the agency collects. OTOH, if they sell the debt to a buyer of bad debts (usually pennies on the dollar) they get money up front, but usually way less. But I doubt anyone would buy these debts, as they are usually to ficticious people with stolen credit cards (which can reverse the debt back to the original owner anyway).
It was about 2 years ago. I got past frontline because they were totally baffled (didn't know what an MX record should have). The guy who answered said he was one of the owners, and that he was there because they were replacing stuff that day. I told him the problem and he said it should be fine since that server had been back up for a few hours. He then talked to someone else and when he came back on the line, he said "Looks like they didn't convert everything right, give it an hour and I'll make sure they get it fixed". In an hour it was fixed. I didn't try earlier, so as far as I know, it could have been fixed in 5 minutes.
As for throwing jargon at clueless techs, it usually is the quickest way to get a problem escalated. Often the problem is beyond their comprehension anyway, so what else is there to do since most won't escalate just because you say "save your time, just escalate this call now" (and I wouldn't ever expect them to).
If your people love to blame the server/hardware, I wonder why that is.
I've been majorly *UN*impressed by the competency at Verizon. If they are rejecting mail coming in to their servers from their own IP space based on the FROM: address, then obviously they are paranoid more about the forgery aspect of it. And clearly, as you've determined, they are unaware of the fact that people within their access IP space can have legitimate email addresses outside of their network, and need one way or another (SMTP through the Verizon server, or SMTP around it) to get out. They can't do both without breaking things. They will have to decide which way they want to block mail. The way of forcing everything through their own mail servers would MAJORLY reduce spam originating in their access IP space, but they apparently haven't been clued into that concept, yet.
Don't be glad they are not blocking port 25. Instead, be glad they are not blocking BOTH WAYS OUT at the same time. But you should be SAD they have chosen the one way which has virtually NO impact on spammers. The reason is, other networks will block the Verizon IP space when they start getting spam delivered from that spare.
As for the "pay phone" analogy, consider that their view of the Internet is probably more like a television broadcast than even a pay phone. Big corporations want to feed, and control, information going to you. Be glad you even get to send mail at all.
The contract thing may or may not help. They are probably reluctant to put it in because then they have to actually go enforce it, and they probably fear they can't be very successful at it. But I do agree that cancelling an account is pointless. Spammers know they can get 24 hours or so from an account, and more on weekends. They know accounts are sacrificial. That's why I don't focus on the disposable dialup accounts in my anti-spam measures. At least blocking outbound port 25 from dialups prevents the spam, which account cancelling after the fact never does.
That's fine. Make sure Pac Bell SWIPs your network. Make sure they SWIP every other network as well as dialup pools, so you network doesn't get blamed for spam. Or you can configure your mail server to just feed through the Pac Bell server. I find a less-mainstream ISP that doesn't seem to attract spammers.
Do you really think they are hiring for a position where someone will have the AUTHORITY to actually make the sweeping changes some people claim is needed? I personally don't know if AOL's network really sucks or not. I know a couple people whom I exchange email with that are on AOL, and it has worked OK. But if their network was fucked up as some people say, I'm assuming that it would take someone at the CTO level to fix it. Based on my experiences with other companies that do have networks in horrible or worse shape, anyone below CTO level just isn't going to have the AUTHORITY to get anything done, and won't even be listened to when they make the suggestions.
If I do appply for the CTO job at AOL, do you think they would even reply to my resume? Unless the job really is open, I highly doubt it. And even if it is open, I suspect they would be more looking for some politcal wonk than a guru geek who knows what to do to scale a network up to universal proportions reliably.
I wonder what would be said if the routers were to simply redirect port 25 (for packets addressed to any IP other than the local mail servers) to the local mail servers. Regardless of where the mail is intended to go, regardless of how the sending server is configured, it always goes through the ISP's mail proxy server. There, appropriate checks and controls can be applied as the above article suggest. The question is, would all the complaints about broken mail be reduced because now people would no longer be so incovenienced as to have to set their "SMTP host" address according to their ISP instructions?
I've learned to NOT believe the obvious from so many people. I know what would be logically right. But so many people out there don't actually know, and just proceed on that basis. And then when you talk with them you're often not even talking the same issues. It's best to be 100% certain of what they are talking about and make NO assumptions about what they didn't actually say.
BTW, I just realized that I have received relay spam from an Earthlink mail server at 207.217.121.12. That is one of yours, right? Did this one slip through your fingers? Did someone else set up that one? Was it hacked into? Did someone forget to test it against mail-abuse.org after making a config change? Why did no one respond to my spam abuse report?
Give you a call, eh? You post as Anonymous Coward and don't list your phone number? At least you can email me if you are geek enough to understand my email address.
If the addresses are not listed in DUL then they may have blocked it on their own. I do that when I get spam that was relayed but not blocked by RBL/DUL/RSS. I check the ARIN records for the exact address the spam came from and I choose the most specific network involved. That gets blocked. However, it is still possible that spam was relayed from an address listed only with the broad SWIP record covering their whole network, even if they did put your addresses in at ARIN. If that is the case, you need to complain to them because their failure to SWIP **EVERYTHING** that might possibly relay or spew spam can end up affecting you even if they do SWIP yours. If they can't fix that policy then you need to run, not walk, to another ISP (and if you have a term agreement, pass it with a note to your lawyer that they are the ones to break the agreement for not providing proper service). If you tolerate bad ISPs, there will just be more bad ISPs.
Given that @Home mail servers are open relays (since I get spam relayed through some of them, I know at least some are open), and given the lag of delivery through them, maybe someone has discovered it as a temporary storage device.
Oh My God! That would mean we'd be back with an Internet the way it used to be about 10 years ago, with competent admins and engineers, and less crap and spam.
Have you made certain that your network never has sent out spam (and I mean EVERY machine on your network) and they your domain is not in one of the domain based anti-spam zones? You say you are running Exchange. Since Exchange has installed with relaying on by default (at least when I last checked it about 6 months ago) you may have been a spam conduit in the past (if not still one now). Test every mail server by getting on the machine and running telnet to mail-abuse.org (standard telnet port 23) and having it check to make sure you are not an open relay.
The problem is, because the tech support guy you do get has read the first 3 chapters of the first book towards his MCSE, he thinks he has the Black Belt in networking. Unfortunately, you might not impress most of them (even if you know 1000 times as much as the sum total of them all ever could learn).
The other unfortunate reality is that most of these companies do NOT want geeks as customers; they use the bandwidth too heavily :-(
Excellent points.
There is still plenty of opportunity to make lots of money on this. Aside from wanting to see certain changes in the kernel, like support for certain devices and certain processors, what the industry wants is to bypass competition. As you say, they want to lock it in their way. Ironically, everyone, including they, benefit from from the competition and openness, because they cannot be locked out by someone else.
The other thing business likes, but is bad, is pushing things to be delivered before it's ready. Linux's great advantage in my mind is that Linus won't release it as official until it's ready. Now I was running 2.4.0-test10 on several machines before 2.4.0 came out. But business seems to want to have it now, but doesn't want to call it anything but the final release. If Linus had released it early, you might have 2.4.0-test10 or some other earlier version. It wouldn't be any better if it were called 2.4.0. But it would be a lie if the developer-in-chief didn't think it was ready. I trust Linus far more than software marketing types. Their schedules and deadlines (which is what runs business now) are for the birds. And I'm glad Linux works the way it does.
The decision making processes in a corporation are rather chaotic at best. First, there are politics. But most of it is CYA2KYJ politics. Profit drives most of the rest. Decisions are often delayed by management, then finally made a couple days after arbitrary deadlines imposed on the budget limited small staff of underpaid people to work miracles of quickly pulling code out of their .......
They're free to go make their own. That's what true free and open software is all about. If Microsoft or some other company wanted to make their own distribution, or fork the kernel their own way, they are certainly free to do so, under the openness requirements of GPL. That allows us to go pick and choose what they develop to include, or not include, in our version.
On the 3rd rock around a small star in a small galaxy nearby is a lifeless spot called Redmond.
I have to strongly disagree with the notion marketing and management sometimes are to blame as I believe that they are almost always to blame. But it's not always pushing to get a product out faster, though that certainly is a huge problem. The first web project I did, I completed it in 6 weeks, including all the testing, when it had been originally estimated by middle management to be 6 months. I got called in to the meetings because I ran the servers it would run on, but ended up developing the whole thing, which ran bug free and fast. The department the project was for loved it. But management treated it as a NEGATIVE on my semi-annual review (so I started job hunting then).
There are, of course, some bad programmers out there. And maybe my view is biased because I'm not a bad programmer. But there is certainly a good supply of bad middle level management out there. This I know.
There is some fallout blocking happening. You may be blocked as a result of someone else sending spam. Send me a private reply by email and tell me what IP your mail goes out from, and I can take a look and see what specifics I can discover. I am using RBL, DUL, RSS, and a blocking zone of my own. If you can get to me, then @Home is blocking on some other basis. But I can only guess without specifics (and may still only be able to guess then).
Blocking spam is an imperfect art. Yes, legitimate mail is going to be blocked in some cases. But choosing methods to block spam which provides at least a way for legitimate mail to be sent around the blockade is preferrable, because then the sender can at least do something about it.
People have suggested to me to use procmail to filter out spam. But when I prompt them for a good set of rules that work, so far 100% have balked, giving excuses like "every situation is different". I block dialups and relays not just to reduce spam to my mailbox, but to also reduce spam to the mailboxes of every customer. This in turn reduces complaints from customers. So far not a single customer has complained about losing legitimate mail, but I do have a means ready for any customer to opt out of the blockade and receive unblocked mail. It will be their choice, but they seem to be happy as is.
If you do fire a sysadmin for subscribing to the DUL, send them to me. If I have an opening, I might just hire them. Ultimately the decision to do any filtering on any basis whatsoever is a decision to be made by those with the authority in the business. But based on my experience, it is a wise decision to use DUL. But I would not use ORBS.
Asking people to turn off those filters and just accept being spammed as a result is not really practical, either. The RFCs don't actually mandate that everything has to be one big internet. It's not unlike any other firewall filtering where someone makes a policy decision about what they do or do not want to do, or offer to their customers, or support.
If blocking port 25 is brain dead (and I'm not really saying it isn't) then what is the alternative ..... that accomplishes as much spam reduction? Unfortunately, the design of the internet didn't really take into account the commercial proliferation we have today. We need some sort of secure mail transfer. Even with that, the problems won't go away. Even if we could authenticate exactly who sent every piece of mail at every hop with no chance of forgery, we'd still have the issue of having to decide who we want to accept mail from, and who we don't want to accept mail from. The concept of filtering is here to stay no matter what else we do.
When I was working at this one small ISP (sysadmin, not tech support), there were a shortlist of customers that tech support was authorized to forward direct to me on just their asking. One of them happened to be a CCIE working for a major telco doing their internet routers. After that first conversation where I asked why he was using us (because he didn't trust his own employer's network WRT privacy) he was actually useful because he would pin down exactly where problems were before calling, and I knew I didn't have to do the trackdown myself.
But yes, you can get morons claiming to be gurus (because they installed a computer at work and it worked). I still think a direct line like that could be useful, but it should be given out sparingly, only when merited, and probably with some access code that could be revoked. OTOH, rot13 has been a reasonable filter, so far, on my email address.
Not all geeks do, and it is true that web sites are hitting up bandwidth providers for all customers more and more. But geeks do tend to stay online a lot longer, and download the latest FreeBSD, Linux, and MP3s. But perception plays a big role in this, too. The perception is probably more extreme than the reality.
If they use a collection agency, they usually get nothing unless the agency collects. OTOH, if they sell the debt to a buyer of bad debts (usually pennies on the dollar) they get money up front, but usually way less. But I doubt anyone would buy these debts, as they are usually to ficticious people with stolen credit cards (which can reverse the debt back to the original owner anyway).
It was about 2 years ago. I got past frontline because they were totally baffled (didn't know what an MX record should have). The guy who answered said he was one of the owners, and that he was there because they were replacing stuff that day. I told him the problem and he said it should be fine since that server had been back up for a few hours. He then talked to someone else and when he came back on the line, he said "Looks like they didn't convert everything right, give it an hour and I'll make sure they get it fixed". In an hour it was fixed. I didn't try earlier, so as far as I know, it could have been fixed in 5 minutes.
As for throwing jargon at clueless techs, it usually is the quickest way to get a problem escalated. Often the problem is beyond their comprehension anyway, so what else is there to do since most won't escalate just because you say "save your time, just escalate this call now" (and I wouldn't ever expect them to).
If your people love to blame the server/hardware, I wonder why that is.
I've been majorly *UN*impressed by the competency at Verizon. If they are rejecting mail coming in to their servers from their own IP space based on the FROM: address, then obviously they are paranoid more about the forgery aspect of it. And clearly, as you've determined, they are unaware of the fact that people within their access IP space can have legitimate email addresses outside of their network, and need one way or another (SMTP through the Verizon server, or SMTP around it) to get out. They can't do both without breaking things. They will have to decide which way they want to block mail. The way of forcing everything through their own mail servers would MAJORLY reduce spam originating in their access IP space, but they apparently haven't been clued into that concept, yet.
Don't be glad they are not blocking port 25. Instead, be glad they are not blocking BOTH WAYS OUT at the same time. But you should be SAD they have chosen the one way which has virtually NO impact on spammers. The reason is, other networks will block the Verizon IP space when they start getting spam delivered from that spare.
As for the "pay phone" analogy, consider that their view of the Internet is probably more like a television broadcast than even a pay phone. Big corporations want to feed, and control, information going to you. Be glad you even get to send mail at all.
The contract thing may or may not help. They are probably reluctant to put it in because then they have to actually go enforce it, and they probably fear they can't be very successful at it. But I do agree that cancelling an account is pointless. Spammers know they can get 24 hours or so from an account, and more on weekends. They know accounts are sacrificial. That's why I don't focus on the disposable dialup accounts in my anti-spam measures. At least blocking outbound port 25 from dialups prevents the spam, which account cancelling after the fact never does.
That's fine. Make sure Pac Bell SWIPs your network. Make sure they SWIP every other network as well as dialup pools, so you network doesn't get blamed for spam. Or you can configure your mail server to just feed through the Pac Bell server. I find a less-mainstream ISP that doesn't seem to attract spammers.
Do you really think they are hiring for a position where someone will have the AUTHORITY to actually make the sweeping changes some people claim is needed? I personally don't know if AOL's network really sucks or not. I know a couple people whom I exchange email with that are on AOL, and it has worked OK. But if their network was fucked up as some people say, I'm assuming that it would take someone at the CTO level to fix it. Based on my experiences with other companies that do have networks in horrible or worse shape, anyone below CTO level just isn't going to have the AUTHORITY to get anything done, and won't even be listened to when they make the suggestions.
If I do appply for the CTO job at AOL, do you think they would even reply to my resume? Unless the job really is open, I highly doubt it. And even if it is open, I suspect they would be more looking for some politcal wonk than a guru geek who knows what to do to scale a network up to universal proportions reliably.
I wonder what would be said if the routers were to simply redirect port 25 (for packets addressed to any IP other than the local mail servers) to the local mail servers. Regardless of where the mail is intended to go, regardless of how the sending server is configured, it always goes through the ISP's mail proxy server. There, appropriate checks and controls can be applied as the above article suggest. The question is, would all the complaints about broken mail be reduced because now people would no longer be so incovenienced as to have to set their "SMTP host" address according to their ISP instructions?
I've learned to NOT believe the obvious from so many people. I know what would be logically right. But so many people out there don't actually know, and just proceed on that basis. And then when you talk with them you're often not even talking the same issues. It's best to be 100% certain of what they are talking about and make NO assumptions about what they didn't actually say.
BTW, I just realized that I have received relay spam from an Earthlink mail server at 207.217.121.12. That is one of yours, right? Did this one slip through your fingers? Did someone else set up that one? Was it hacked into? Did someone forget to test it against mail-abuse.org after making a config change? Why did no one respond to my spam abuse report?
Give you a call, eh? You post as Anonymous Coward and don't list your phone number? At least you can email me if you are geek enough to understand my email address.
You mean for mail not addressed to any domain which Earthlink is the ISP for, right?
If the addresses are not listed in DUL then they may have blocked it on their own. I do that when I get spam that was relayed but not blocked by RBL/DUL/RSS. I check the ARIN records for the exact address the spam came from and I choose the most specific network involved. That gets blocked. However, it is still possible that spam was relayed from an address listed only with the broad SWIP record covering their whole network, even if they did put your addresses in at ARIN. If that is the case, you need to complain to them because their failure to SWIP **EVERYTHING** that might possibly relay or spew spam can end up affecting you even if they do SWIP yours. If they can't fix that policy then you need to run, not walk, to another ISP (and if you have a term agreement, pass it with a note to your lawyer that they are the ones to break the agreement for not providing proper service). If you tolerate bad ISPs, there will just be more bad ISPs.
Given that @Home mail servers are open relays (since I get spam relayed through some of them, I know at least some are open), and given the lag of delivery through them, maybe someone has discovered it as a temporary storage device.
reply... "Midnight will be when NTP says it is."
Oh My God! That would mean we'd be back with an Internet the way it used to be about 10 years ago, with competent admins and engineers, and less crap and spam.
Have you made certain that your network never has sent out spam (and I mean EVERY machine on your network) and they your domain is not in one of the domain based anti-spam zones? You say you are running Exchange. Since Exchange has installed with relaying on by default (at least when I last checked it about 6 months ago) you may have been a spam conduit in the past (if not still one now). Test every mail server by getting on the machine and running telnet to mail-abuse.org (standard telnet port 23) and having it check to make sure you are not an open relay.
The problem is, because the tech support guy you do get has read the first 3 chapters of the first book towards his MCSE, he thinks he has the Black Belt in networking. Unfortunately, you might not impress most of them (even if you know 1000 times as much as the sum total of them all ever could learn).
The other unfortunate reality is that most of these companies do NOT want geeks as customers; they use the bandwidth too heavily :-(