Dean, I couldn't agree with you more - thanks for saying it. whats funny to me is if anything would have given spammers a reason to exploit open relays it would have been the blacklists. I mean when you arbitrarily blacklist millions of their ISP's addresses you leave them with no other option. Of course that would have fed the claims that open relay needed to be stopped which would have brought more support to the blacklists thereby forcing more spammers to seek out open relays, etc, etc, forever and ever. ----- Original Message ----- From: "Dean Anderson" <dean@xxxxxxx> To: "Tony Finch" <dot@xxxxxxxx> Cc: <iesg@xxxxxxxx>; <ietf@xxxxxxxx> Sent: Monday, June 20, 2005 1:20 PM Subject: Re: Last Call: 'Email Submission Between Independent Networks' to BCP - Clarification On Mon, 20 Jun 2005, Tony Finch wrote: > On Sun, 19 Jun 2005, Dean Anderson wrote: > > > > Neither open relays nor lack of email authentication are > > problems that are exploited by spammers. > > Neither of those statements are true. I've already addressed the first. No, you haven't addressed anything. You made an assertion that doesn't stand up: What is probably your customers' attempts to relay externally does not represent spammers trying to abuse open relays. This is very likely legitimate, by legitimate users. This doesn't make your point. The fact that you seem to get gratification at "blocking email" and ASSUMING it is abuse, doesn't do you, us, your customers, or anyone any good. It doesn't show that open relays are exploited by spammers. The fact is, open relays aren't abused by spammers. In 9 years, no genuine commercial operation has ever abused our relay. And we look. We don't just look at "relay denied" log messages and impute bad motives, as you do. Instead, we look at the queued messages. We try to find the company selling something; And there hasn't been any. We found instead that this is abuse queued by self-described anti-spammers aka "spamops" people trying to "teach us a lesson" about running open relays. And when they gave up on abuse and shut their "blacklists", we had no further abuse, either. > Regarding the second, we dealt with an incident last year where a spammer > exploited an open proxy on our network to send spam; An open proxy on a machine run by your customer is still your customer, and is therefore entitled to send email. > they evaded our port 25 block by using an unauthenticated outgoing SMTP > relay. But they were your customer, and were therefore authorized to send email. If you had run SMTP AUTH, they would have obtained the password, because they can INSTALL AN OPEN PROXY ON YOUR CUSTOMERS MACHINE. Authenticating the relay will do nothing. Your problem is the open proxy. Deal with the problem, don't invent a solution that won't fix the problem. > This attack was easy for us to stop because they discovered the relay by > looking up our MX record; Funny that you should call this as an "exploit". SPF (the email authentication du jour) will identify your outbound relays, too. You are arguing in circles, making my points for me. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf