On Tue, 27 May 2003, John C Klensin wrote: > Scott, > > Good try, but no cigar. This would be entirely reasonable if > open relays were the only way to accomplish what you are after. > But, if open relays were used this way, the spam flow through > those open relays are such that "aol/roadrunner/etc" would start > blocking the IP addresses of those relays. Back to square one, > with no gain. > > Instead, there are at least two options available for that host > on a "residential" network (both in heavy use today): > > (i) The host uses a relay supplied by its ISP, one that > is not blocked by "aol/roadrunner/etc". This is more or > less satisfactory depending on what additional > restrictions the ISP imposes on that relay, but the > typical restrictions (much as I think they are > unreasonable) have very little impact on the typical > residential user who corresponds actively with > "aol/roadrunner/etc users". right, except my "residential" ISP bans the use of any and all servers on its network. their routers are configured to drop all http requests to my machine on the floor, by default. so what do i do? in true MANET style i moved the web server to port 81. my traffic went down significantly for almost a month until i was able to get the word out that apache was running on 81. this is probably in violation of RFC, but, well, the data must get through. > > (ii) The host uses a relay with which its owners have > established some sort of business relationship and which > relay is in a position to authenticate the host (via SSL > certificates, SMTP AUTH, or some combination of a tunnel > and authentication). > well i can just as easily ask one of the folks i have done consulting for to relay for me (or just configure it that way), then tweak my local exim config, and thats that. but that dosen't solve the problem on a large scale, just locally. > I was a big fan of open relays a decade ago, but am no longer > convinced that they are the required solution to any problem we > need to solve. > i had one until about a year ago, when i was watching the packet sniffer and saw spam being pushed through. then i closed the relay. > And, no, I don't believe that either of the measures above will > significantly reduce the volume of spam. After all, the volume > of spam is much higher today than it was when open relays were > the norm, worldwide. One can reasonably speculate on whether > the spam volume would be even higher if open relays were more > readily accessible, but, as many others have pointed out in > other ways, that really isn't the point. > personally, i get no spam. i just don't. i have no filters. i somply get none. don't ask me why. scott > john > > > --On Monday, 26 May, 2003 20:56 -0400 shogunx > <shogunx@sleekfreak.ath.cx> wrote: > > > On Tue, 27 May 2003, Tony Hain wrote: > > > >> S Woodside wrote, RE: spam > >> > How about the cost of legitimate emails that get filtered > >> > and never read. Not everyone scans the list to check for > >> > false positives. > > > > Below is an example for HAVING open relays, as a host on a > > "residential" IP can use an open relay for outgoing, and > > therefore communicate with aol/roadrunner/etc users. a minor > > mod to the config of the MTA and there you go. > > > > scott > > > > > >> > >> In a major example of false positives, we already have > >> examples of one real cost of spam. AOL (as one example of > >> many) has declared ranges of IP addresses marked > >> 'residential' as invalid for running a particular > >> application. In this case SMTP, but which app is next? There > >> is a 'guilt by association' presumption here by the > >> operations community, which when > >... > > > > sleekfreak pirate broadcast world tour 2002-3 live from the pirate hideout http://sleekfreak.ath.cx:81