The "nicest" solution that I can see is for the ISPs to transparently proxy port 25 to their MTA. They should offer STARTTLS. If the client selects STARTTLS, their proxy should immediately connect directly to the intended destination, permitting the connection to go through. May well let the clueful through.

This could be open to further abuse, as you can't tell what the client/server are doing now. However, the ISP still gets to rate limit the number of connections that the client makes. This in itself is probably very powerful.

Things that IETF clueful road warriors can do, and I do:
1) use IPsec to your mail relay. I do this automatically.
2) use IPv6 (always configure 6to4 on your notebook)

I then, as Ted does, do authenticated relaying with STARTTLS.

So, my packets look like: SMTP/TLS/TCP/IPv6/IPv4-encap-v6/IPsec/IPv4.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
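
The routing decision proposed in the message above, sketched as an added example that is not part of the original post: every intercepted port-25 session is counted against a per-client limit, and only a client that issues STARTTLS is handed to the address it originally dialled. The class name, the limit values, the ISP_MTA placeholder and the idea of replaying the client's EHLO upstream are assumptions made for illustration.

```python
from collections import defaultdict, deque

ISP_MTA = ("mta.isp.example", 25)   # constructed placeholder for the ISP relay


class Port25Proxy:
    """Hypothetical decision logic for a transparent port-25 proxy."""

    def __init__(self, max_conns=3, window=60.0):
        # Assumed policy: at most max_conns new sessions per client per window.
        self.max_conns, self.window = max_conns, window
        self.seen = defaultdict(deque)   # client IP -> recent admit times

    def admit(self, client_ip, now):
        """Sliding-window limit on new port-25 connections per client."""
        q = self.seen[client_ip]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_conns:
            return False
        q.append(now)
        return True

    def route(self, client_ip, orig_dst, commands, now):
        """Return (decision, upstream, replay) for one intercepted session.

        replay lists the lines the proxy must send to the real destination
        before splicing bytes, since the client already sent them to the proxy.
        """
        # The limit applies before routing, so TLS sessions are counted too.
        if not self.admit(client_ip, now):
            return ("reject", None, [])
        ehlo = None
        for line in commands:
            parts = line.split()
            verb = parts[0].upper() if parts else ""
            if verb == "EHLO":
                ehlo = line
            elif verb == "STARTTLS" and ehlo:
                # Client chose TLS: hand it to the host it originally dialled.
                return ("passthrough", orig_dst, [ehlo, "STARTTLS"])
            elif verb in ("MAIL", "AUTH"):
                break   # plaintext session: it stays on the ISP relay
        return ("isp_mta", ISP_MTA, [])
```

After a passthrough the proxy can no longer see the SMTP dialogue, so the connection count kept by admit() is the only control the ISP retains over that session.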