Full Disclosure: Original Poster is my Business Partner
It is obvious, to me anyway, that much of the controversy surrounding the measures advocated here arises either from ignorance of the issues being discussed, or, worse yet, feigned ignorance by those who have an agenda....that agenda being the proliferation of their own SPAM, or, at best, a selfish indifference to the problem and an implicit assertion of "rights" which simply do not exist.
I must admit that in order for me to grasp some of the technical implications here, I had to consult with my mail guru, but after much study it is apparent to me that the vast majority of posts in opposition to these measures demonstrate ignorance. So, in layman's terms, perhaps, what do these measures really mean?
1. Block egress port 25.
I think this means that if I own an email server, I get to decide whether or not I will just blindly pass email along regardless of where it comes from and whether or not the sender is known to me. Desiring to take whatever small steps I can to reduce the amount of SPAM in the system, I would choose no, and, therefore, block egress port 25. Sure, if you own the server, it's your right to decide not to, but you can't deny that having an open relay contributes to the SPAM problem. It seems to me that the implicit asserted "right" that people are demanding here is the right for everyone to submit their email on any server they choose, without any responsibility for what they are sending. Why is it so controversial to expect that if you want to send email, you should have an account somewhere that authorizes you to use a specific server?
2. Blacklists.
They help some, right? Not perfect, but ours help us to reject thousands of messages per day, and in about a year and a half of operation we have NEVER been made aware of a legitimate message that didn't get through. (Of course it's POSSIBLE...but...really).
3. SPF
So there is a way that I can tell if an inbound message really comes from where it claims to come from. Sounds good to me. I roam all over the world, and am able to authenticate to my provider's server from a Cafe in Kiev or a Bungalow in Bali. It's really not that hard. If you can provide email, you can provide authentication.
4. This point was more of a summary of the three which preceeded it. So, in summary, the positions advocated here, in my view, amount to responsible mail management. MOst of the opposition seems to be in the "Wahhhh...I want a pony.." spirit. For those who argue that they are not effective because the spam problem hasn't improved, think about how narrowly these measures have been adopted. I can't wait until AOL, Hotmail, and the like institute SPF or similar measures.
And, no, I will not blindly accept and pass along your unauthenticated, unknown, careless, lazy email.
So let me make sure I have this straight. You are advocating having ISPs block egress traffic on port 25 for "standard consumer" type service.
Does this mean I can't have my own email server at home if I have "standard consumer" type service with said traffic blocked? Or does it just mean that I can't hijack someone ELSES servers to relay my traffic unless I'm willing to take responsibility for it?
If my understaning is in fact correct, then I'm ok with that.
Slashdot Mirror
Full Disclosure: Original Poster is my Business Partner It is obvious, to me anyway, that much of the controversy surrounding the measures advocated here arises either from ignorance of the issues being discussed, or, worse yet, feigned ignorance by those who have an agenda....that agenda being the proliferation of their own SPAM, or, at best, a selfish indifference to the problem and an implicit assertion of "rights" which simply do not exist. I must admit that in order for me to grasp some of the technical implications here, I had to consult with my mail guru, but after much study it is apparent to me that the vast majority of posts in opposition to these measures demonstrate ignorance. So, in layman's terms, perhaps, what do these measures really mean? 1. Block egress port 25. I think this means that if I own an email server, I get to decide whether or not I will just blindly pass email along regardless of where it comes from and whether or not the sender is known to me. Desiring to take whatever small steps I can to reduce the amount of SPAM in the system, I would choose no, and, therefore, block egress port 25. Sure, if you own the server, it's your right to decide not to, but you can't deny that having an open relay contributes to the SPAM problem. It seems to me that the implicit asserted "right" that people are demanding here is the right for everyone to submit their email on any server they choose, without any responsibility for what they are sending. Why is it so controversial to expect that if you want to send email, you should have an account somewhere that authorizes you to use a specific server? 2. Blacklists. They help some, right? Not perfect, but ours help us to reject thousands of messages per day, and in about a year and a half of operation we have NEVER been made aware of a legitimate message that didn't get through. (Of course it's POSSIBLE...but...really). 3. SPF So there is a way that I can tell if an inbound message really comes from where it claims to come from. Sounds good to me. I roam all over the world, and am able to authenticate to my provider's server from a Cafe in Kiev or a Bungalow in Bali. It's really not that hard. If you can provide email, you can provide authentication. 4. This point was more of a summary of the three which preceeded it. So, in summary, the positions advocated here, in my view, amount to responsible mail management. MOst of the opposition seems to be in the "Wahhhh...I want a pony.." spirit. For those who argue that they are not effective because the spam problem hasn't improved, think about how narrowly these measures have been adopted. I can't wait until AOL, Hotmail, and the like institute SPF or similar measures. And, no, I will not blindly accept and pass along your unauthenticated, unknown, careless, lazy email.
So let me make sure I have this straight. You are advocating having ISPs block egress traffic on port 25 for "standard consumer" type service. Does this mean I can't have my own email server at home if I have "standard consumer" type service with said traffic blocked? Or does it just mean that I can't hijack someone ELSES servers to relay my traffic unless I'm willing to take responsibility for it? If my understaning is in fact correct, then I'm ok with that.