North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: short Botnet list and Cashing in on DoS
> > Pardon for my possibly ill informed interjection. I was under the > impression that the current wind was blowing towards filtering outbound It is not true, as I know; moreover, the day when I receive such proposal from my ISP will be my last day with this ISP, so it will be for many others. Reason is simple - it IS NOT THEIR DUMB CONCERN, they are I(nternet)S(ervice)P(rovider) (not (WSP, Www Service Provider, for example). It is American using to think that others are so dumb that you must think instead of them... but people are smart, sorry. But I am not saying that it exclude AUP - yes, I should not abuse AUP, which may restrict me from sending or relaying spam, can restrict me from using more traffic in average than I signed for (it is common in most East Europe countries, for example), can require me to well control my resources... Yes, if I maintain mail relay myself, I am responsible for not sending spam, and if it is used for sending spam, it is AUP violation and ISP have right to restrict port 25; if I host child porn, it is AUP violation, and so on... Using port 25 is not AUP violation, in no way. (But if your mail relay require my relay to be in DNS and so can reject mail from it, it is your right as not my ISP but owner of _your_ hosts - so in reality I will maintain mixed mode SMTP only, sending the rest of mail to my provider...). (Even simpler. I use e-mail; erver in Rusia, and I send SMTP mail directly to it, and I do not want to use my provider's mail relay - so I use port 25. Not any problem with AUP). And remember, many relays use POP authenticaltion to allow SMTP from the same IP address. (Do not said about wiretapping, it is 99% kids games - everyone who want his messages do not be wiretapped can do it easily, on today's Internet... I personallty am 0% concerned about it - if some big boys (no matter in which country) wanna play kid game - let them do it, to prevent crying and depression - I hate crying kids, esp big ones...). But - it does not eliminate some smart technologies, such as having default firewall service. If I was in ISP business today, I'd propose it for all customers, allowing them to turn it off / on by simple button on the WWW (or by calling my support group). It is another thing - this is SERVICE. SERVICE does not make decisions instead of customer(s), it add value if customer want. What's about SMTP. it is simple. I use ISP from provider A. I use MAIL service from few other providers, and I can use port 25 to communicate with them (for example, using POP/SMTP mixed authentication schema). Any 25 port filtering will cause me to complain to ISP, ask money back and break contract with them (may be, sue them for AUP violation from THEIR side!). Good policy (see above) whould be: - they allow me to control port 25 and other things - If I keep their default policy, I am not responsivbvle for possibvle breakage, spam and so on from my site. - If turn this off, I became responsible.