John Curran wrote:
If we can fix this by changing default behavior to make such
machines less useful to hackers, while still allowing anyone
who wants to originate to do so at will via configuration,
what is the harm?
Besides architectural purity (which still bears weight) the
problem is that configuration costs money. I have my own SMTP
server at home because I'm not happy with my ISP's smarthost.
That same ISP can't reverse-lookup my static IP to return a PTR
that has my domain name in it, explain me how they will build a
filter that un-filters port 25 for my IP and does not for the