What about as an energy consumption offsetting move? I.e., if it cost a gym $15 per month per average member and the member generates $3 worth of electricity over the course of the month, wouldn't the 20% reduction in costs be worthwhile? If nothing else pass it back to your members. Let your members work out to get a reduction on their next monthly bill. All their energy generates otherwise is excess heat that requires more energy to combat.
The real reason is the "Eye Candy" at the gym. I may not have much will power or desire to go to the gym but once I'm there it's hard to make me leave. :-)
I've been certified on 3 different platforms to date. I do not have a degree. I spun my wheels for 3 years and didn't get my degree. I did however get 3 more years of solid IT experience. I have over a decade's worth of experience in network design and administration and close to 15 years in IT overall. It's not my certs that get me jobs, though it can be helpful in justifying the pay grade that you're shooting for. What gets me jobs is my experience. I speak from experience when I say that I've seen dozens of IT engineers come and go. The ones that always make less money are the ones with no experience no matter how highly certified they are. This includes people who went to college and got a degree in computer networking though it's certainly better than no degree at all (it still kills me that you can get a degree in that). It also includes those who simply crammed for and acquired a cert and are now using that as justification for their job. These types of people are rarely worth their salt. "Promoted to incompetence" is a phrase that comes to mind. The only good thing about these engineers is that their errors and lack of skills keep me employed. Someone has to clean up their messes.
These "engineers" never seem to take their profession as seriously as those of us who have learned by "doing." I'm self-taught. I spend $3-4k a year on books. I have a personal lab that's bigger than most of the networks my company works on. It takes a lot of work to keep up with this profession.
I'm not using my good fortune as justification for not getting a degree. I regret not having my degree. If I get the opportunity I will finish my degree (implying that I stop working 70 hour weeks). I'm also not saying that certs are worthless. Getting a CCIE is a hell of a lot of work and clearly demonstrates to your future employer that you've got skills. A CCNA or MCSE means that you can memorize answers from a book. I am using my own past as proof that most certs really don't mean anything or at the very least they must be considered in the context of the person's experience. A CCNP and 10 years experience is good. A CCNA/P and no experience is a recipe for disaster. It's experience that gets the good jobs.
Also, do not attempt to jump straight into systems or network engineering. You will become one of those many people that I tell horror stories about. No offense but no matter how skilled you think you are today you likely don't know what you think you know and I guarantee you that you don't know all the non-technical skills you must have to be successful. I strongly urge you to first spend a few years in support. This is an excellent way to make a few bucks in college. Get on your university's or college's helpdesk staff. This experience will ground your ego and connect you with the most important group of individuals you'll ever have to work with: your users. I can think of a dozen engineers off the top of my head who in the past month have clearly demonstrated to me that they either don't give a shit about the users they're servicing or that they are simply unaware of the damage their actions cause to the support infrastructure. Spend a few years working support. I guarantee you that this will help you humble yourself and prepare you for becoming a success in IT. You can't jump right out and be a star. You haven't built the basic foundation on which to grow which will ultimately result in you crumbling.
While you're in college pay attention to the non-technical courses. Yes, they're boring. No they don't rely on computers. Yes the professor is nearing triple digits. However most of these courses provide you the non-technical skills that you must have to be a success. I can't tell you how much I wish I'd not withdrawn from speech courses. If you can't talk to the customer a future employer won't have any use for you. I wish I'd paid more attention to my economics courses. Like it or not you have to have at least a basic business understanding to work today. Not only are most of these courses useful in the long-term but they also hold the key to you getting to do the fun courses. You have to keep up with the boring courses to have time for the technical courses.
The evils of corporate America aside, and not to sound ignorant, but would vaccinating males help or work at all? I have done very little reading on HPV but from what I gather males are the carriers of this virus and women are the ones that suffer from it. Would vaccinating the carriers eliminate the virus from their bodies? Or would the intent really be to vaccinate the males before they can become carriers and thus stop the spread of the virus that way? I need further clarification.
We were just talking about Vista's basic memory needs today. A coworker was working with a brand-new out-of-the-box Toshiba tablet with 1GB and Vista. It ran like ass. Waiting on windows to open and close was like running XP with 128MB. He had a 3.0GHz desktop with 1GB also running Vista. It ran worse than ass. The box would seemingly hang for minutes at a time.
When my laptop gets replaced this Spring I'm loading up FC6 on it and running XP in VMware. I don't need the problems of Vista. I need my laptop to work.
If I fail to restart FF 2.0.0.1 once a day it will inevitably crash on me. If I fail to kill off FF before going into standby or hibernating it will consume 100% of the CPU when I next bring up Windows. It won't allow me to write to any additional bookmarks at this point either. It usually consumes well over 200MB of RAM too. Seeing it over 300MB is not an unusual occurrence and I've seen it much higher too. If it wasn't for the Session Manager addon that I'm using I would be going insane. As it is I'm only mildly loopy.
I'm an OSS nut and an avid fan of FF. It annoys me to no end that this problem isn't being addressed. I've heard countless complaints from friends and strangers recounting similar problems. I wish some time would be spent looking into this.
Sex. Now I know what you're thinking, Slashdot community. What the hell is sex? Allow me to educate you with a few quick links. Yes kids, it is a multi-player game, or at least it's more fun that way.
I just threw in that last one for kicks. Definitely NWS. Enjoy!
Pun intended. Does anyone else foresee in this the comedy that will likely unfold? I fully expect to read a story next week about a volcano in Indonesia that is firing concrete balls into the orbit and that they're taking out Chinese satellites or that they're pummeling a nearby city. I liken this to sticking your finger in the end of a shotgun barrel.
Problem is you're 1 person in a group of many thousand users that's capable of performing the task. The other 99.99999% can not. Your connection can not simply be singled out for an exception unless they use the static IP trick I mentioned earlier. It doesn't make good business sense to spend resources to satisfy the 0.00001% of their userbase that needs this functionality. It sucks but it's true. The only way we can justify doing it is because we're small when compared to big players like Cox and SBC.
Don't forget all the RBOCs. I was just commenting on that today over lunch. A free market can not work without some oversight and some smart regulation. This is required to ensure that a bamboozled majority can't steer us in a bad direction by fundamentalists. Somebody has to ensure that the playing field is level and kept neutral.
Boy I bet the ancestors of the Stonehenge builders will be pissed when they get the bill for the delinquent VAT taxes on Stonehenge and the new village.
That's exactly my take on it. Find the little transmitter and beat the living shit out of it. Honestly I don't think any other passersby would mind in the least. You could probably make a few bucks by letting the other people take a crack at the bluetooth transmitter for $1.
It wasn't GoDaddy's job. They never should have had anything to do with this problem. MySpace should have approached SecLists' provider(s) if not SecLists itself. GoDaddy didn't have the legal authority to do this.
Your scenario should be resolved with a tight integration with other major professional security organizations. I.e., if CERT tells you that a host on your network is the keystone in a mass mailing worm I'd highly suggest taking immediate action.
Me too. I need a place to go though. Does anyone have any really good registrars that they recommend and why? What I'm looking for is:
- Decent customer service, or at least a CS department that doesn't get in my way.
- A good web interface. GoDaddy's sucks ass. The bulk editing crap drives me insane.
- A decent price. A domain shouldn't cost more than $5-8 a year IMHO, less for longer registrations. Added features shouldn't add that much more cost either.
- A private domain implementation. I want to hide my mailing address from phishers, spammers, and other jackasses. It should not cost me as much to do this as it costs to register the domain for a year (are you listening GoDaddy?).
I think if someone can provide those basic features then I'd switch in a heartbeat.
I stand by what I said earlier. If you want to run a server then you need to host it with other servers and not in a netblock with other residential customers. Now the ISP I run does make exceptions for people wanting to use alternative SMTP servers (such as their employer's). We simply do this with static IPs that are assigned out of a particular block. This isn't for them to run a server though. It's only for them to connect to other SMTP servers (hopefully with AUTH and TLS).
I sympathize with SOHO businesses. Many of our customers fall into that category. Fact of the matter is many of them do not host any services whatsoever. Very few of our SOHO customers (and many even larger) have their email hosted somewhere, including with us. Almost all of them have their web presence hosted elsewhere and usually generated by someone else. The only thing they do with their Internet connection is access the Internet. The only SOHO businesses that I can think of that do not host everything elsewhere are tiny tech support startups or are run by the 5% user (the 1% of the 5% user being the proverbial group that consumes 95% of your available bandwidth, and the 1% user being the component that thinks they're technical but are really an average user that isn't afraid to click on anything). Nevertheless, virtual hosting is quite cheap. 1U hosting can be had for under $100/month now. ISPs almost always offer hosting options as well, as do registrars. There's a plethora of hosting options out there. People don't have to run services from their residential connection for any real reason.
It's a very unpopular opinion on a site like Slashdot (as one might deduce from the replies to my other comments). Unfortunately it's the only viable one. We absolutely can not in any way shape or form not have this block. It would eat away at our bandwidth. It would get our entire ISP blacklisted for "hosting spammers" when in reality we're hosting average users that have no clue how to properly secure their machines or conduct themselves in a secure manner on the Internet. These past few years people have been stuffing DNSBL into BGP feeds to create their own little RBL. They've also been using this data, on the presumption that these hosts likely are open proxies, to filter inbound web requests. Never mind the effect the DNSBLs have on email. ISPs simply can't exist without this kind of filtering. I've been at this for 12 years now. We couldn't have gotten to where we are today without filtering along the way.
Here's another viewpoint on the matter. Imagine what the Internet would look like if no ISP did any filtering of any kind. The NSPs' backbones would have crumpled under the load. The costs of peering with NSPs would shoot through the roof. ISPs would be forced to pass the increased costs on to the users. It wouldn't end here though. The industry has recognized this for some time. The result of this scenario would be that the Internet would become regulated. It's as simple as that. Customers would be forced to secure their PCs before putting them on the Internet. Of course the customers can't be responsible for this. They're users; they can barely power on their PCs. This requirement would be forced upon the ISPs. ISPs would have to start hand-holding users, coddling them and securing their PCs. This would of course dramatically increase costs. ISPs would start building MDU access layers that completely isolate users from each other. Users would be NATed and ISPs would have to build huge proxy clusters with near-infinite logging capabilities because Congress couldn't possibly pass a bill requiring something like this without also tacking on auditing and monitoring "features". Of course these "features" would then be referred to by POTUS in a signing statement that authorizes the federal LEOs to access this data any time they want in the name of National Security.
I'm not kidding either. This has been discussed in insane detail. I'm only summarizing here; I'm
I'd suggest you look into Canit-Pro from Roaring Penguin. It's from the author of MIMEDefang. Actually it's MD's commercial big brother. They make an appliance but I still run the app locally on Fedora boxes. They give you the full source code. It's extremely extensible. It makes Barracuda Networks' products look like child's play. Basically it will take the knowledge you already have and give you a platform to extend and build upon it. Canit-Pro is slick. The auto-tempfail by recipient and IP is great. The regex and user controls are worth their weight in gold. By far the most essential feature that is lacking in most other canned spam filters is the ability to scan incoming messages during the SMTP transaction. That way you can reject the message as spam before you actually accept it. This eliminates the need for DSNs. Give the demo a try sometime. You'll like it.
Ladies and gentlemen, allow me to introduce you to a person who's part of the problem. DrSkwid, please stand up and wave to the audience.
Users like yourself are not desired by any ISP. You're a member of the elite and self-righteous groups of users we fondly call pain-in-the-ass users.
We're not just blocking outbound tcp/25 to protect you. We're doing this to protect 99.999% of our userbase that doesn't abuse our services and stretch our networks to the extreme. Frankly we ISPs don't care about users like yourself. You increase our support costs. You bitch and moan about everything. You put up websites to flame your ISP because they happen to have a maintenance window when you wanted to play WoW through the wee hours of the morning. You bitch and moan because network congestion caused by other users like yourself adversely affects your Skype traffic, even though you won't pony up for a DSL with QoS.
If you want to run a server then buy a damn server and rack it up in a co-lo where servers belong. Or buy a business connection because that's what your traffic level meets. If you want residential broadband then buy residential broadband. The two are mutually exclusive.
Agreed. If they used a residential connection then they got exactly what they paid for. If they were on a business connection then they should become very vocal.
This isn't a reasonable thing. Repeat after me people, the willy nilly free love days of the Internet ARE OVER. Running a SMTP server on your home PC is not a reasonable thing to do. All responsible ISPs will block outgoing tcp/25 to dynamically assigned residential customers. I do this. If you want to run a server then get yourself a 1U co-lo or a virtual slice of a server for $10/month. Stop being part of the problem. Stop running SMTP daemons on your mother's PC.
Exactly. I can't stop a machine from being pwned. I can however stop the flood of SMTP from my customers. I posted some numbers in another message. It's the only effective method we as ISPs can undertake. A single outgoing message can get an IP in one of our customer dynamic pools on a dozen lists. A dozen messages from a dozen random users with poor local security (not too hard to find I imagine) can get the entire dynamic pool blocked. A hundred pieces of spam and a poorly run DNSBL will expand the block to our whole ISP. That's not good for business. Throttling obviously can't work. Flat out rejecting outgoing SMTP connections is the only way.
Frankly I see absolutely nothing wrong with a SP blocking outbound tcp/25 to all dynamically assigned customers. I run an ISP and I do this myself. We only permit outgoing tcp/25 to customers paying for a business circuit and to customers who have requested a static IP for another $5/month. All outgoing tcp/25 is blocked at the access edges. The only exceptions are for our static ranges and for SMTP to our ISP SMTP servers. The $5/month is enough to deter the person who always blindly requests a static IP even though they have absolutely no use for it whatsoever. It's not so expensive as to be cost prohibitive to someone with more technical knowledge and abilities. The ACLs on the edge all but eliminate spam from our netspace.
Hell let me just give you some numbers. I'm terminating 760 ATM PVCs (DSL customers) on this router. It's rejected 359,093 outgoing tcp/25 flows since I last updated that ACL 1.5 months ago. Over here I have about 800 cable customers. It has rejected 4,217,900 outgoing tcp/25 flows in the same time frame. Over here I have a pair of routers for a dual-home CMTS with 411 customers on it. Between the 2 routers in 2 months time they've rejected 8,918,045 outgoing tcp/25 flows.
Mind you these ACL counters only increment on flows, not individual packets. That's 13.5 million (say it with me again, 13.5 million) tcp/25 flows from less than 2000 customers that have been blocked by this simple, yet obviously effective, ACL. That's a lot of spam we've blocked and this is only a snapshot of a small window into our network. That's spam that would have ended up in your inbox. Y'all can thank me later by buying me a beer at NANOG.
Naysayers who bitch and moan about their ISP blocking tcp/25 which keeps them from running a poorly configured and ill-maintained SMTP server on a residential broadband connection need to get a grip on reality. Their ISP is acting responsibly. Their ISP is doing what it can to stem the tide of spam flowing from its networks. I'm not responsible for a given user's personal PC. I am responsible for making sure that their neighbor, another paying customer of mine that isn't spamming the world, gets the service they're paying for. If my unsecured spamming customer #1 causes us to get our entire ARIN allotment listed on an overly aggressive and irresponsible DNSBL (I'm not saying all; I'm only saying that a few are run by 12 year olds that hurt the rest of the anti-spamming community of which I'm a card-carrying member) which in turn is stuffed into a BGP feed and dropped by an idiot netadm somewhere else in the world then customer #2 is not getting their money's worth. I'll gladly kick out customer #1 to meet my SLAs with customers #2-#n. Unfortunately by that point it's too damn late. Customer #1 has caused me weeks of grief and has caused customers #2-#n to become unhappy with my services. The fix is to keep Customer #1 from inadvertently becoming a pain in the ass.
If you want to run a SMTP server then rent a damn co-lo server or a virtual slice of one. Myself and other mail and netadms go out of our way to block tcp/25 traffic from any dynamically-assigned netblocks of our peer SPs. We willfully share this information with other SPs and we rarely have trouble getting it in return. If you want your mail to be received by a large percentage of the world then you'd better not be relying on a SMTP daemon you set up on your mother's PC. SMTP is only as reliable as the effort you put into making it so.
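The edge policy described in the comment above (reject outbound tcp/25 except from static ranges and to the ISP's own SMTP servers, with counters that increment per flow) is modelled here as an added example; it is not the commenter's router configuration. The prefixes, relay address and rule names are constructed assumptions using documentation address ranges, and the per-source tally of rejected flows is an addition that shows how the same counters point at likely compromised customer machines.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Constructed values (RFC 5737 documentation ranges), not real ISP data.
# Dynamic customers in the sample live in 198.51.100.0/24.
STATIC_RANGES = [ipaddress.ip_network("203.0.113.0/28")]   # paid static IPs
ISP_SMTP_RELAYS = {ipaddress.ip_address("192.0.2.25")}     # ISP's own SMTP server


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


def evaluate(flow):
    """Return (action, rule_name) with first-match semantics, like a router ACL."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    is_smtp = flow.proto == "tcp" and flow.dport == 25

    # Rule 1: anyone may hand mail to the ISP's own relay.
    if is_smtp and dst in ISP_SMTP_RELAYS:
        return "permit", "smtp-to-isp-relay"
    # Rule 2: static (opted-in) customers may reach any SMTP server.
    if is_smtp and any(src in net for net in STATIC_RANGES):
        return "permit", "smtp-from-static"
    # Rule 3: every other outbound tcp/25 flow is rejected at the edge.
    if is_smtp:
        return "deny", "smtp-default-deny"
    # Rule 4: the ACL only concerns SMTP; everything else passes.
    return "permit", "other-traffic"


def run_acl(flows):
    """Apply the ACL to each flow once (per-flow counters, not per-packet).

    Returns (rule hit counters, rejected-flow count per source address).
    """
    hits = Counter()
    denied_by_src = Counter()
    for flow in flows:
        action, rule = evaluate(flow)
        hits[rule] += 1
        if action == "deny":
            denied_by_src[flow.src] += 1
    return hits, denied_by_src


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", "192.0.2.25", "tcp", 25),      # dynamic -> ISP relay
    Flow("198.51.100.77", "203.0.113.200", "tcp", 25),   # dynamic -> remote MX
    Flow("198.51.100.77", "203.0.113.201", "tcp", 25),
    Flow("198.51.100.77", "203.0.113.202", "tcp", 25),
    Flow("198.51.100.12", "203.0.113.200", "tcp", 25),
    Flow("203.0.113.5", "203.0.113.200", "tcp", 25),     # static -> remote MX
    Flow("198.51.100.10", "203.0.113.200", "tcp", 443),  # not SMTP
]

if __name__ == "__main__":
    hits, denied_by_src = run_acl(SAMPLE_FLOWS)
    for rule, count in hits.items():
        print(f"{rule:20s} {count}")
    print("top rejected sources:", denied_by_src.most_common(3))
```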
I'll repeat myself again.. Eye candy. Everything else is moot.
Yeah, get yourself a cat.
Don't you remember AOL? The runner-up would be any currently employed at the White House.
Pun intended. Does anyone else forsee in this the comedy that will likely unfold? I fully expect to read a story next week about a vocano in Indonesia that is firing concrete balls into the orbit and that they're taking our Chinese satellites or that they're pummeling a nearby city. I liken this to sticking your finger in the end of a shotgun barrel.
Problem is you're 1 person in a group of many thousand users that's capable of performing the task. The other 99.99999% can not. You're connection can not simply be singled out for an exception unless they use the static IP trick I mentioned earlier. It doesn't make good business sense to spend resources to satisfy the 0.00001% of their userbase that needs this functionality. It sucks but it's true. The only way we can justify doing it is because we're small when compared to big players like Cox and SBC.
Don't forget all the RBOCs. I was just commenting on that today over lunch. A free market can not work without some oversight and some smart regulation. This is required to ensure that a bamboozled majority can't steer us in a bad direction by fundamentalists. Somebody has to ensure that the playing field is level and kept neutral.
Boy I bet the ancestors of the Stonehenge builders will be pissed when they get the bill for the delinquent VAT taxes on Stonehenge and the new village.
That's exactly my take on it. Find the little transmitter and beat the living shit out of it. Honestly I don't think any other passersby would mind in the least. You could probably make a few bucks by letting the other people take a crack at the bluetooth transmitter for $1.
It wasn't GoDaddy's job. They never should have had anything to do with this problem. MySpace should have approach SecLists' provider(s) if not SecLists itself. GoDaddy didn't have the legal authority to do this.
Your scenario should be resolved with a tight integration with other major professional security organizations. Ie if CERT tells you that a host on your network is the key stone in a mass mailing worm I'd highly suggest taking immediate action.
Decent customer service, or at least CS department that doesn't get in my way
A good web interface. GoDaddy's sucks ass. The bulk editing crap drives me insane.
A decent price. A domain shouldn't cost more than $5-8 a year IMHO, less for longer registrations. Added features shouldn't add that much more cost either
A private domain implementation. I want to hide my mailing address from phishers, spammers, and other jackasses. It should not cost me as much to do this as it cost to register the domain for a year (are you listening GoDaddy?).
I think if someone can provide those basic features then I'd switch in a heartbeat.
I sympathize with SOHO businesses. Many of our customers fall into that category. Fact of the matter is many of them do not host any services whatsoever. Very few of our SOHO customer (and many even larger) have their email hosted somewhere, including with us. Almost all of them have their web presence hosted elsewhere and usually generated by someone else. The only thing they do with their Internet connection is access the Internet. The only SOHO business that I can think of that do not host everything elsewhere are tiny tech support startups or are run by the 5% user (the 1% of the 5% user being the proverbial group that consumes 95% of your available bandwidth, and the 1% user being the component that thinks they're technical but are really an average user that isn't afraid to click on anything). Nevertheless, virtual hosting is quite cheap. 1U hosting can be had for under $100/month now. ISPs almost always offer hosting options as well, as do registrars. There's a plethora of hosting options out there. People don't have to run services from their residential connection for any real reason.
It's a very unpopular opinion on a site like Slashdot (as one might deduce from the replies to my other comments). Unfortunately it's the only viable one. We absolutely can not in any way shape or form not have this block. It would eat away at our bandwidth. It would get our entire ISP blacklisted for "hosting spammers" when in reality we're hosting average users that have no clue how to properly secure their machines or conduct themselves in a secure manner on the Internet. These past few years people having been stuffing DNSBL into into BGP feeds to create their own little RBL. They've also been using this data, on the presumption that these hosts likely are open proxies, to filter inbound web requests. Nevermind that the effect the DNSBLs have on email. ISPs simply can't exist without this kind of filtering. I've been at this for 12 years now. We couldn't have gotten to where we are today without filtering along the way.
Here's another viewpoint on the matter. Imagine what the Internet would look like if no ISP did any filtering of any kind. The NSPs' backbones would have crumpled under the load. The costs of peering with NSPs would shot through the roof. ISPs would be forced to pass the increased costs on to the users. It wouldn't end here though. The industry has recognized this for some time. The result of this scenario would be that the Internet would become regulated. It's as simple as that. Customers would be forced to secure their PCs before putting them on the Internet. Of course the customers can't be responsible for this. They're users; they can barely power on their PCs. This requirement would be forced upon the ISPs. ISPs would have to start hand-holding users, coddling them and securing their PCs. This would of course dramatically increase costs. ISPs would start building MDU access layers that completely isolate users from each other. Users would be NATed and ISPs would have to build huge proxy clusters with near-infinite logging capabilities because Congress couldn't possibly pass a bill requiring something like this without also tacking on auditing and monitoring "features". Of course these "features" would then be referred to by POTUS in a signing statement that authorizes the federal LEOs to access this data any time they want in the name of National Security.
I'm not kidding either. This has been discussed in insane detail. I'm only summarizing here; I'm
I'd suggest you look into Canit-Pro from Roaring Penguin. It's from the author of MIMEDefang. Actually it's MD's commercial big brother. They make an appliance but I still run the app locally on Fedora boxes. They give you the full source code. It's extremely extensible. It makes Barracuda Networks' products look like child's play. Basically it will take the knowledge you already have and give you a platform to extend and build upon it. Canit-Pro is slick. The auto-tempfail by recipient and IP is great. The regex and user controls are worth their weight in gold. By far the most essential feature that is lacking in most other canned spam filters is the ability to scan incoming messages during the SMTP transaction. That way you can reject the message as spam before you actually accept it. This eliminates the need for DSNs. Give the demo a try sometime. You'll like it.
Users like yourself are not desired by any ISP. You're a member of the elite and self-righteous groups of users we fondly call pain-in-the-ass users.
We're not just blocking outbound tcp/25 to protect you. We're doing this to protect 99.999% of our userbase that doesn't abuse our services and stretch our networks to the extreme. Frankly we ISPs don't care about users like yourself. You increase our support costs. You bitch and moan about everything. You put up websites to flame your ISP because they happen to have a maintenance window when you wanted to play WoW through the wee hours of the morning. You bitch and moan because network congestion caused by other users like yourself adversely affects your Skype traffic, even though you won't pony up for a DSL with QoS.
If you want to run a server then buy a damn server and rack it up in a co-lo where servers belong. Or buy a business connection because that's what your traffic level meets. If you want residential broadband then buy residential broadband. The two are mutually exclusive.
Agreed. If they used a residential connection then they got exactly what they paid for. If they were on a business connection then they should become very vocal.
This isn't a reasonable thing. Repeat after me people, the willy nilly free love days of the Internet ARE OVER. Running a SMTP server on your home PC is not a reasonable thing to do. All responsible ISPs will block outgoing tcp/25 to dynamically assigned residential customers. I do this. If you want to run a server then get yourself a 1U co-lo or a virtual slice of a server for $10/month. Stop being part of the problem. Stop running SMTP daemons on your mother's PC.
Exactly. I can't stop a machine from being pwned. I can however stop the flood of SMTP from my customers. I posted some numbers in another message. It's the only effective method we as ISPs can undertake. A single outgoing message can get an IP in one of our customer dynamic pools on a dozen lists. A dozen messages from a dozen random users with poor local security (not too hard to find I imagine) can get the entire dynamic pool blocked. A hundred pieces of spam and a poorly run DNSBL will expand the block to our whole ISP. That's not good for business. Throttling obviously can't work. Flat out rejecting outgoing SMTP connections is the only way.
Hell let me just give you some numbers. I'm terminating 760 ATM PVCs (DSL customers) on this router. It's rejected 359,093 outgoing tcp/25 flows since I last updated that ACL 1.5 months ago. Over here I have about 800 cable customers. It has rejected 4,217,900 outgoing tcp/25 flows in the same time frame. Over here I have a pair of routers for a dual-home CMTS with 411 customers on it. Between the 2 routers in 2 months' time they've rejected 8,918,045 outgoing tcp/25 flows.
Mind you these ACL counters only increment on flows, not individual packets. That's 13.5 million (say it with me again, 13.5 million) tcp/25 flows from less than 2000 customers that have been blocked by this simple, yet obviously effective, ACL. That's a lot of spam we've blocked and this is only a snapshot of a small window into our network. That's spam that would have ended up in your inbox. Y'all can thank me later by buying me a beer at NANOG.
Naysayers who bitch and moan about their ISP blocking tcp/25 which keeps them from running a poorly configured and ill-maintained SMTP server on a residential broadband connection need to get a grip on reality. Their ISP is acting responsibly. Their ISP is doing what it can to stem the tide of spam flowing from its networks. I'm not responsible for a given user's personal PC. I am responsible for making sure that their neighbor, another paying customer of mine that isn't spamming the world, gets the service they're paying for. If my unsecured spamming customer #1 causes us to get our entire ARIN allotment listed on an overly aggressive and irresponsible DNSBL (I'm not saying all; I'm only saying that a few are run by 12-year-olds that hurt the rest of the anti-spamming community of which I'm a card-carrying member) which in turn is stuffed into a BGP feed and dropped by an idiot netadm somewhere else in the world then customer #2 is not getting their money's worth. I'll gladly kick out customer #1 to meet my SLAs with customers #2-#n. Unfortunately by that point it's too damn late. Customer #1 has caused me weeks of grief and has caused customers #2-#n to become unhappy with my services. The fix is to keep Customer #1 from inadvertently becoming a pain in the ass.
If you want to run a SMTP server then rent a damn co-lo server or a virtual slice of one. Myself and other mail and netadms go out of our way to block tcp/25 traffic from any dynamically-assigned netblocks of our peer SPs. We willfully share this information with other SPs and we rarely have trouble getting it in return. If you want your mail to be received by a large percentage of the world then you'd better not be relying on a SMTP daemon you set up on your mother's PC. SMTP is only as reliable as the effort you put into making it so.