That's just braindead. Any politician who thinks like that should be forcibly removed from office. (note: I'm not advocating violence, just a lack of tolerance where it's clearly undeserved.)
... the thing is that if you want to contact an external SMTP server it is pretty straightforward. You can either use the alternate SMTP port (587) with SSL/TLS...
If your work provides it (they should, many don't).
...or you can use a VPN.
And how is that a "straightforward" part of an email deployment? Unless VPN is really needed for other work functions, it should be avoided. It's overkill.
You could also just contact your ISP and ask for the restriction to be lifted for your account.
It took me about 4 tries before my ISP listened to me. Each time they told me it would be fixed, but it wasn't. People shouldn't have to go through that for something so fundamental to Internet service.
95% of home users don't need access to port 25.
Agreed, due to gmail, yahoo mail, etc. I don't think it's relevant, but I see why you do.
I agree it isn't the most ideal solution, but the preferred methods (such as SPF) have two big issues: They just aren't in widespread use enough,...
True, which is why I bring it up. I hoped to introduce the idea to someone who in turn might cause it to be implemented somewhere. I'm spreading the word.
I maintain that it can be very effective with reasonable and very loose default settings. (not entirely effective -- that would require universal participation; certainly worth using, though.)
...and way too many mail servers are poorly configured which would lead to dropped mail.
In what way? Can you give me a brief use case detailing SPF gone wrong? Any case where the sender causes problems by not supporting SPF? Any case causing email to actually be lost?
What would be better is ISPs throttling the number of SMTP connections their clients make. Say anything over 300/day and they're blocked for 24 hours.
Assuming this doesn't apply to business lines, there are still many small businesses that are using "residential" connections. This would solve the problems for 4.9% of the remaining 5% perhaps. It would leave the rest in a bit of a pickle.
The problem is the way email is handled. It was designed without good security practices, and now the industry is struggling to very, very slowly fix the problem. I don't want my ISP to feel like it's their job to monitor my connection. I want raw bandwidth from them, nothing more.
I prefer the philosophy: fix the problem, not the symptom.
Downside is that's probably asking too much from many smaller ISPs. Big ones (Comcast, Qwest, etc) should be able to do it easy.
also:
... or get their ISP to open it for them.
Maintaining complex port filtering is probably asking too much from many smaller ISPs.
Are you serious? If something is filed and becomes public record, a lawyer can freely discuss the contents of that document. After all, it is a matter of public record. This system only deals with public records. Your logic makes no sense whatsoever.
Furthermore, it won't be their own cases which get uploaded through this system. A lawyer isn't going to go to a public warehouse to obtain court records that he already has. He's going to go to an online warehouse to study previous cases to understand precedents and to strengthen his case. Lawyers are constantly studying other cases, making them good candidates to upload lots and lots of documents through this system.
If your SMTP server accepts email from client machines without requiring authentication, then you're doing it wrong. (by today's standards - it used to be acceptable.)
Email properly encrypted and authenticated should bypass SPF for exactly the reason you've pointed out. Any unauthenticated email for your own domain should be checked against SPF in case you have (or later setup) multiple relays. (I realize email will not necessarily have end-to-end encryption, but it is vital for the hop that includes a password.)
Here, here!
(one caveat, if (and only if) the ISP is at maximum capacity, I don't mind selective throttling. It still means they need more equipment/bandwidth though...)
If this were to go in place, Yahoo would flail about madly, and everyone else would ignore them. Suddenly, nobody would be able to send email to Yahoo users. Yahoo users would complain at being charged, and leave in droves. I can't imagine anybody stupid enough (in the business sense) to do something like this. I can only assume that Yahoo has no intention to do this, and have something to gain through the publicity.
As BMonger pointed out before you, mugnyte is probably referring to Google Wave. (which is a suitable stand-in replacement for email at a bare minimum, a great boon to business if Google plays their cards right; basically, it's email on steroids.)
Any unclaimed amounts would be confiscated as unclaimed property. The "owners" would then need to try to claim it from the government. (yes, they really do this.) As this would be a net income, they would love you. (not sure if it's the IRS or the State, but someone would pocket it for you.)
Oh, that's cute. Spam telling you to switch your donations to their charity (protecting baby seals and feeding children in Somalia). Sounds like a money machine to me.
1) Will not work? I don't think you, me or anyone else have a say in this, if they decide to implement it, it will work. People need email, they will spend a penny on each; I know I would. Unless you're using your Yahoo email for business, at that point, you have other things to worry about besides costs, the average persons, sends 10 emails per day. 2) You obviously don't work at an ISP to really understand blacklists, spam and what effect they have on your ISP's ability to send email to other ISPs.
1) Will not work. I don't think you or I have a say in this, if they decide to implement it, it will not work. People need email, they will not spend a penny on each; I know I wouldn't. If you're using your Yahoo email for personal use, at that point, you have other things to worry about besides a bill from Yahoo. The average persons, sends 10 emails per day, but some send considerably more. 2) You obviously don't work at an ISP to really understand how to use SPF to control spam and form correct English sentences. (sorry about that last one, but you were asking for it.)
It would be easier to use SPF. Man, I'm sounding like a broken record today.
SPF is a DNS counterpart to the MX record. MX says where you can send a message destined for a given domain; SPF specifies what servers are allowed to relay messages for a given domain. It addresses most (but not all) of the problems that TLS records would. The main difference would be what point-of-failures could be used to circumvent them (ca, dns, ip routing, etc), and what other things DNSSEC would be useful for.
Note that SPF is designed to work if the sender and receiver both use it. That being said, the receiver can still use reasonable defaults and block a majority of forged spam.
The proper solution is not for ISPs to block access between their clients and their client's mail servers. If I want to send a message from my computer at home through my companies mail server, I should be able to. If I don't want my ISP reading my email, I should be allowed to use ESMTP with auth and TLS. Your solution ignores this. It also complicates laptop setups something fierce. You're solving the problem in the wrong place by giving too much responsibility and authority to the wrong people.
The problem(1) is that SMTP is used as both a sending and a relaying protocol. There is no easy way to distinguish between an outbound SMTP connection being used to connect to a legitimate relay (work server) and as a spambot (forged headers).
The problem(2) is that SMTP servers blindly assume the sending address is legitimate. Thus, forging someones email address is easy. This is true even if the originating IP address reverse resolves to imgoingtospamyou.com or adsl-nn.nn.nn.nn.dsl.somewhere01.pacbell.net. This is what's broken, not what ISPs allow through their network.
The proper solution is for the receiving SMTP server to determine if the sender is allowed to send mail for that domain. This was not a consideration of the original email paradigm, but it is now.Sender Policy Framework If you're receiving spam from botnets, then your mail provider needs to tighten up their default SPF settings. (They may need someone to demand that they implement SPF.)
I know that SPF must be implemented everywhere for it to be fully effective, but good default policies will still block a vast majority of address spam.
It's a little tricky to see what you're getting at, but I think you want SPF.(more)
An SPF record is a DNS record that is roughly opposite to an MX record. MX says were to send mail for a domain; SPF says where mail is allowed to come from for a domain.
Our ability to deal with natural language (a subset of context-sensitive grammars which are notoriously hard to program for). It's not enough that you can have an algorithm which deals with a given problem, but it must run in a reasonable number of clock cycles*. Further, spam filtering by humans could be done by at the semantic level (beyond syntax and pattern matching.) It would be outrageously hard to design a program that understood and responded to all the semantics that a human can. I'm not saying a machine could not possibly outstrip a human, but I believe it would require a major innovation in AI to make it happen.
(And for the record, having a 3rd party human read someones email is just plain wrong in all but the most limited situations.)
*(Yes, there is a corollary to this. It is unreasonable to pay people to sit and read spam all day in order to catch the few real messages in the system.)
Perhaps full direct democracy doesn't exist. Some states (ex:CA) have proposition and referendum mechanisms that are. (Often co-opted by special interests, and sometimes ignored by the judiciary; it's still direct democracy in all it's gore and splendor.)
That's not good. The "nobody" account is used for far too much, and should be restricted whenever possible. It's preferable to use a dedicated account for each running service. For example, on Debian, Apache runs as "www-data".
Said contact information does not directly lead to increased revenue. (not for an omnipresent institution as the WSJ) Either they just want to feel more important that they really are*, or they have something more nefarious in mind. (ex:junk mail, directly or from "business associates")
Can you give a rational explanation for why they might legitimately want that information? (knowing anything more than how many subscribers they have from a given county?)
*(WSJ is fairly important, but, like anyone with power, they are subject to visions of grandeur and self-delusion.)
Slashdot Mirror
That's just braindead. Any politician who thinks like that should be forcibly removed from office. (note: I'm not advocating violence, just a lack of tolerance where it's clearly undeserved.)
And people wonder why I don't like Apple.
Sorry?
I'm pretty sure that the girl in Dances with Wolves is native (even in the movie which diverges from the book). Granted, it's been a while.
(And that sounds like a BSG reference, not DwW.)
That depends entirely on your English teacher. I had one who insisted we spell out the words for anything smaller than 100.
... the thing is that if you want to contact an external SMTP server it is pretty straightforward. You can either use the alternate SMTP port (587) with SSL/TLS...
If your work provides it (they should, many don't).
...or you can use a VPN.
And how is that a "straightforward" part of an email deployment? Unless VPN is really needed for other work functions, it should be avoided. It's overkill.
You could also just contact your ISP and ask for the restriction to be lifted for your account.
It took me about 4 tries before my ISP listened to me. Each time they told me it would be fixed, but it wasn't. People shouldn't have to go through that for something so fundamental to Internet service.
95% of home users don't need access to port 25.
Agreed, due to gmail, yahoo mail, etc. I don't think it's relevant, but I see why you do.
I agree it isn't the most ideal solution, but the preferred methods (such as SPF) have two big issues: They just aren't in widespread use enough,...
True, which is why I bring it up. I hoped to introduce the idea to someone who in turn might cause it to be implemented somewhere. I'm spreading the word.
I maintain that it can be very effective with reasonable and very loose default settings. (not entirely effective -- that would require universal participation; certainly worth using, though.)
...and way too many mail servers are poorly configured which would lead to dropped mail.
In what way? Can you give me a brief use case detailing SPF gone wrong? Any case where the sender causes problems by not supporting SPF? Any case causing email to actually be lost?
What would be better is ISPs throttling the number of SMTP connections their clients make. Say anything over 300/day and they're blocked for 24 hours.
Assuming this doesn't apply to business lines, there are still many small businesses that are using "residential" connections. This would solve the problems for 4.9% of the remaining 5% perhaps. It would leave the rest in a bit of a pickle.
The problem is the way email is handled. It was designed without good security practices, and now the industry is struggling to very, very slowly fix the problem. I don't want my ISP to feel like it's their job to monitor my connection. I want raw bandwidth from them, nothing more.
I prefer the philosophy: fix the problem, not the symptom.
Downside is that's probably asking too much from many smaller ISPs. Big ones (Comcast, Qwest, etc) should be able to do it easy.
also:
... or get their ISP to open it for them.
Maintaining complex port filtering is probably asking too much from many smaller ISPs.
Are you serious? If something is filed and becomes public record, a lawyer can freely discuss the contents of that document. After all, it is a matter of public record. This system only deals with public records. Your logic makes no sense whatsoever.
Furthermore, it won't be their own cases which get uploaded through this system. A lawyer isn't going to go to a public warehouse to obtain court records that he already has. He's going to go to an online warehouse to study previous cases to understand precedents and to strengthen his case. Lawyers are constantly studying other cases, making them good candidates to upload lots and lots of documents through this system.
If your SMTP server accepts email from client machines without requiring authentication, then you're doing it wrong. (by today's standards - it used to be acceptable.)
Email properly encrypted and authenticated should bypass SPF for exactly the reason you've pointed out. Any unauthenticated email for your own domain should be checked against SPF in case you have (or later setup) multiple relays. (I realize email will not necessarily have end-to-end encryption, but it is vital for the hop that includes a password.)
Here, here! (one caveat, if (and only if) the ISP is at maximum capacity, I don't mind selective throttling. It still means they need more equipment/bandwidth though...)
Sigh. I've already said this once today. ISP blocking port 25 is bad, not good.
If this were to go in place, Yahoo would flail about madly, and everyone else would ignore them. Suddenly, nobody would be able to send email to Yahoo users. Yahoo users would complain at being charged, and leave in droves. I can't imagine anybody stupid enough (in the business sense) to do something like this. I can only assume that Yahoo has no intention to do this, and have something to gain through the publicity.
As BMonger pointed out before you, mugnyte is probably referring to Google Wave. (which is a suitable stand-in replacement for email at a bare minimum, a great boon to business if Google plays their cards right; basically, it's email on steroids.)
I find it telling that Yahoo doesn't implement SPF... For someone soooo concerned about spam, they can't even do the DNS half?
Cute, but wouldn't work.
Any unclaimed amounts would be confiscated as unclaimed property. The "owners" would then need to try to claim it from the government. (yes, they really do this.) As this would be a net income, they would love you. (not sure if it's the IRS or the State, but someone would pocket it for you.)
Oh, that's cute. Spam telling you to switch your donations to their charity (protecting baby seals and feeding children in Somalia). Sounds like a money machine to me.
1) Will not work? I don't think you, me or anyone else have a say in this, if they decide to implement it, it will work. People need email, they will spend a penny on each; I know I would. Unless you're using your Yahoo email for business, at that point, you have other things to worry about besides costs, the average persons, sends 10 emails per day. 2) You obviously don't work at an ISP to really understand blacklists, spam and what effect they have on your ISP's ability to send email to other ISPs.
1) Will not work. I don't think you or I have a say in this, if they decide to implement it, it will not work. People need email, they will not spend a penny on each; I know I wouldn't. If you're using your Yahoo email for personal use, at that point, you have other things to worry about besides a bill from Yahoo. The average persons, sends 10 emails per day, but some send considerably more. 2) You obviously don't work at an ISP to really understand how to use SPF to control spam and form correct English sentences. (sorry about that last one, but you were asking for it.)
On the plus side, It would teach a few people to keep their computers mal-ware clean. (yes, I'm kidding. Don't mod me into oblivion.)
It would be easier to use SPF. Man, I'm sounding like a broken record today.
SPF is a DNS counterpart to the MX record. MX says where you can send a message destined for a given domain; SPF specifies what servers are allowed to relay messages for a given domain. It addresses most (but not all) of the problems that TLS records would. The main difference would be what point-of-failures could be used to circumvent them (ca, dns, ip routing, etc), and what other things DNSSEC would be useful for.
Note that SPF is designed to work if the sender and receiver both use it. That being said, the receiver can still use reasonable defaults and block a majority of forged spam.
And I just ran out of mod-points.
Mod parent insightful. I'm going to remember this one.
No, no, no, no, no... No.
The proper solution is not for ISPs to block access between their clients and their client's mail servers. If I want to send a message from my computer at home through my companies mail server, I should be able to. If I don't want my ISP reading my email, I should be allowed to use ESMTP with auth and TLS. Your solution ignores this. It also complicates laptop setups something fierce. You're solving the problem in the wrong place by giving too much responsibility and authority to the wrong people.
The problem(1) is that SMTP is used as both a sending and a relaying protocol. There is no easy way to distinguish between an outbound SMTP connection being used to connect to a legitimate relay (work server) and as a spambot (forged headers).
The problem(2) is that SMTP servers blindly assume the sending address is legitimate. Thus, forging someones email address is easy. This is true even if the originating IP address reverse resolves to imgoingtospamyou.com or adsl-nn.nn.nn.nn.dsl.somewhere01.pacbell.net. This is what's broken, not what ISPs allow through their network.
The proper solution is for the receiving SMTP server to determine if the sender is allowed to send mail for that domain. This was not a consideration of the original email paradigm, but it is now. Sender Policy Framework If you're receiving spam from botnets, then your mail provider needs to tighten up their default SPF settings. (They may need someone to demand that they implement SPF.)
I know that SPF must be implemented everywhere for it to be fully effective, but good default policies will still block a vast majority of address spam.
It's a little tricky to see what you're getting at, but I think you want SPF.(more)
An SPF record is a DNS record that is roughly opposite to an MX record. MX says were to send mail for a domain; SPF says where mail is allowed to come from for a domain.
Our ability to deal with natural language (a subset of context-sensitive grammars which are notoriously hard to program for). It's not enough that you can have an algorithm which deals with a given problem, but it must run in a reasonable number of clock cycles*. Further, spam filtering by humans could be done by at the semantic level (beyond syntax and pattern matching.) It would be outrageously hard to design a program that understood and responded to all the semantics that a human can. I'm not saying a machine could not possibly outstrip a human, but I believe it would require a major innovation in AI to make it happen.
(And for the record, having a 3rd party human read someones email is just plain wrong in all but the most limited situations.)
*(Yes, there is a corollary to this. It is unreasonable to pay people to sit and read spam all day in order to catch the few real messages in the system.)
Perhaps full direct democracy doesn't exist. Some states (ex:CA) have proposition and referendum mechanisms that are. (Often co-opted by special interests, and sometimes ignored by the judiciary; it's still direct democracy in all it's gore and splendor.)
nobody (the apache account) is a local user.
That's not good. The "nobody" account is used for far too much, and should be restricted whenever possible. It's preferable to use a dedicated account for each running service. For example, on Debian, Apache runs as "www-data".
The documentation of said code - if it survives at at all - might as well be written in Mayan.
More appropriate than I believe you intended. Researchers can now read Mayan. It only took them about a century to figure it out. source
Said contact information does not directly lead to increased revenue. (not for an omnipresent institution as the WSJ) Either they just want to feel more important that they really are*, or they have something more nefarious in mind. (ex:junk mail, directly or from "business associates")
Can you give a rational explanation for why they might legitimately want that information? (knowing anything more than how many subscribers they have from a given county?)
*(WSJ is fairly important, but, like anyone with power, they are subject to visions of grandeur and self-delusion.)