Remote email access

> Blocking "direct-from-dialup" spam is best done on the receiving end,
> blocking *unauthenticated* SMTP connections made directly from dial-up
> IPs.

If there were a definitive list of dialup and DHCP IP ranges, I might
agree. But after some years of compiling the MAPS DUL, Pan Am's PDL, the
osirusoft list, and who knows how many others, there isn't, so I don't see
how that's a practical approach. Blocking outbound SMTP also prevents
relay exploits of unsecured servers that will never be secured, and
there'll never be a definitive list of them, either.

> IMHO, to block ALL outbound port 25 traffic
> on the sending end is throwing the baby out with the bathwater.

It certainly is, but for most ISPs, there's a very small baby in a huge
tub of spam. Remember that this whole question only occurs for dialup or
DHCP users who are not using their ISP's mail service. While that
probably includes just about everyone you and I know, overall, it's a
teensy minority of ISP customers.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, John R. Levine, Sewer Commissioner
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web

John,

Tuesday, February 4, 2003, 10:50:14 AM, you wrote:

>> IMHO, to block ALL outbound port 25 traffic
>> on the sending end is throwing the baby out with the bathwater.
>
> It certainly is, but for most ISPs, there's a very small baby in a huge
> tub of spam. Remember that this whole question only occurs for dialup or
> DHCP users who are not using their ISP's mail service. While that
> probably includes just about everyone you and I know, overall, it's a
> teensy minority of ISP customers.

It appears that the policy of blocking outbound port 25 has been adopted
much more broadly. It is not just folks running dial-in services. At a
minimum, anyone with "visitors" -- no matter how they connect -- is a
candidate for embracing the blocking philosophy.

d/

> It appears that the policy of blocking outbound port 25 has been adopted
> much more broadly. It is not just folks running dial-in services. At a
> minimum, anyone with "visitors" -- no matter how they connect -- is a
> candidate for embracing the blocking philosophy.

I can believe it. If I were running a company network, I can imagine lots
of scenarios where it would be reasonable to force all outgoing mail
through the designated servers where it could be inspected, logged, and so
forth.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, John R. Levine, Sewer Commissioner
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web

PS: Even on networks where port 25 works fine, I often find that it's
easier to use the web mail front end I stuck on my POP/IMAP server than to
get my laptop connected. Most ISPs now provide web mail for their roaming
users, and I think that's what people will end up using. On my system,
you can have web mail and IMAP sessions running at the same time without
the server getting confused.