On Tue, 27 May 2003, John C Klensin wrote: > Scott, > > Good try, but no cigar. This would be entirely reasonable if > open relays were the only way to accomplish what you are after. They are the only way to accomplish some things, like offering RFC 821 SMTP service to customers outside our your address space. > But, if open relays were used this way, the spam flow through > those open relays are such that "aol/roadrunner/etc" would start > blocking the IP addresses of those relays. Back to square one, > with no gain. Type 1 spammers don't abuse open relays. In my experience, Type 3 abusers (anti-spammers in some cases), do this. For example, about a year ago, I got into an argument with two radical antispammers. Suddenly, 2400 hundred different IP addresses started trying to abuse our relays. This continued for about 10 days, and then abated. Fortunately, our relay monitoring software blocked this, but it still involved sorting through (no exaggeration) millions of messages. After that, (and still continuing aperiodically), someone began trying to send viruses through a relay address advertised by a European open relay blacklist, forging my address. Coincidence? I don't think so. Not given other more overt threats and abuse by antispammers, such as Chris Neill and others. > Instead, there are at least two options available for that host > on a "residential" network (both in heavy use today): > > (i) The host uses a relay supplied by its ISP, one that > is not blocked by "aol/roadrunner/etc". This is more or > less satisfactory depending on what additional > restrictions the ISP imposes on that relay, but the > typical restrictions (much as I think they are > unreasonable) have very little impact on the typical > residential user who corresponds actively with > "aol/roadrunner/etc users". > > (ii) The host uses a relay with which its owners have > established some sort of business relationship and which > relay is in a position to authenticate the host (via SSL > certificates, SMTP AUTH, or some combination of a tunnel > and authentication). (ii) isn't an option. Here's a short answer: 1) This is not a standard. It is optional, even if eventually standardized. 2) There are only about 15 mail clients that support it. 3) It doesn't scale for non-dialup ISPs 4) Time Warner called it "unsuitable for business". 5) It doesn't reduce spam. Spammers are not outsiders. It fails to violate Shannon's theorem. 6) about a thousand other mail clients don't support it, and have no plans to. > I was a big fan of open relays a decade ago, but am no longer > convinced that they are the required solution to any problem we > need to solve. There were no "open relays" a decade ago. There were "anonymous relays" back then. This "anonymous relay" problem had nothing to do with SMTP, but was a problem with reverse DNS, and lack of a numeric IP address in the Received: header. This problem was been fixed around 1993.. It is not possible to send anonymous email through an open relay. (you still hear this from radical antispammers, though). > And, no, I don't believe that either of the measures above will > significantly reduce the volume of spam. Then why bother at all? --Dean