Implementing anti-abuse techniques on ISP networks....

I don't know about the "huge players", but we're an Internet Service
Provider, not an Internet Blockage Provider. We don't allow spoofing,
and we don't allow relaying, but we're not about to put filters
to prevent dialup customers from connecting wherever they want.

I, too, am a small Internet Service Provider, and I, too, don't want
to block sites that my users may want to access. But there seem
to be a few domains that do nothing but generate spam. Am I not
providing a service to my users if I prevent them from being
smothered with spam from those sites?

The issue is that there are ISPs that have filters such that their dialup
customers cannot talk to port 25/tcp of systems elsewhere on the net.
Customers have to use the provider's SMTP servers. The question is, is
this a good thing? I don't think anyone would argue against UUNet and PSI
doing this with the *.ms.uu.net dialups or the *.pub-isp.psi.net...but
would you do this on your own network?

I've blocked 4 ms.uu.net /16's and 12 pub-isp.psi.net /24's from talking
directly to FDT's mail servers. Unfortunately, most of the junk from PSI
is relayed through other sites anyway.

[ On Wed, August 6, 1997 at 19:09:15 (-0400), Jon Lewis wrote: ]

Subject: Re: Implementing anti-abuse techniques on ISP networks....

The issue is that there are ISPs that have filters such that their dialup
customers cannot talk to port 25/tcp of systems elsewhere on the net.
Customers have to use the provider's SMTP servers. The question is, is
this a good thing? I don't think anyone would argue against UUNet and PSI
doing this with the *.ms.uu.net dialups or the *.pub-isp.psi.net...

... and Earthlink, and Netcom, and Worldnet, and all the rest, and yes,
that's exactly what I'm getting at! ;-)

but would you do this on your own network?

One of the first installed, most common, and most often requested
filters for firewalls I help design, configure, debug, and install,
etc. for small and large corporate networks is one to prevent all
internal hosts but the mail gateway from making outbound connections on
port 25. To them it's just as important as having corporate paper-based
communications go out on corporate letterhead (though of course the
degree of control it affords is far more insidious! ;-).

Of course. If it's your mail server you can decide what sites it will
accept mail from. But will you also use router access lists to prevent
your users from connecting to wherever and whatever they want?

Two separate issues.

Bill
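
The filter discussed in this thread (only the mail gateway may originate outbound connections to port 25/tcp; everyone else uses the provider's SMTP servers), written as a flow audit. This is an added example, not code from any message above; the addresses, the gateway host and the flow-record format are constructed assumptions.

```python
import ipaddress

# Assumed addressing (documentation ranges), not taken from the thread.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # dialup / internal hosts
MAIL_GATEWAYS = {ipaddress.ip_address("192.0.2.25")}     # provider's SMTP server
SMTP_PORT = 25

# Constructed flow records, one per line: "src dst proto dport".
SAMPLE_FLOWS = """\
192.0.2.25 198.51.100.10 tcp 25
192.0.2.77 198.51.100.10 tcp 25
192.0.2.77 192.0.2.25 tcp 25
192.0.2.80 203.0.113.5 tcp 80
192.0.2.91 203.0.113.9 tcp 25
203.0.113.9 192.0.2.25 tcp 25
192.0.2.91 203.0.113.9 udp 25
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def decide(src, dst, proto, dport):
    """Return 'permit' or 'deny' for one flow under the egress SMTP policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto != "tcp" or int(dport) != SMTP_PORT:
        return "permit"            # policy only covers 25/tcp
    if not is_internal(src):
        return "permit"            # inbound mail is a separate decision
    if is_internal(dst):
        return "permit"            # customer handing mail to the local relay
    return "permit" if src in MAIL_GATEWAYS else "deny"

def audit(flow_text):
    """List (src, dst) pairs that the egress filter would have blocked."""
    violations = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue               # skip malformed records
        try:
            if decide(*fields) == "deny":
                violations.append((fields[0], fields[1]))
        except ValueError:
            continue               # unparsable address or port
    return violations

if __name__ == "__main__":
    for src, dst in audit(SAMPLE_FLOWS):
        print(f"direct SMTP from non-gateway host {src} to {dst}")
```

Run against flow logs before enabling the filter, the same check shows which hosts would be affected by it.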