Re: Last Call: 'Email Submission Between Independent Networks' to BCP - Clarification

Dean,

I couldn't agree with you more - thanks for saying it.

What's funny to me is if anything would have given spammers a reason to 
exploit open relays, it would have been the blacklists.  I mean, when you 
arbitrarily blacklist millions of their ISP's addresses you leave them with 
no other option.  Of course that would have fed the claims that open relay 
needed to be stopped which would have brought more support to the blacklists 
thereby forcing more spammers to seek out open relays, etc, etc, forever and 
ever.


----- Original Message ----- 
From: "Dean Anderson" <dean@xxxxxxx>
To: "Tony Finch" <dot@xxxxxxxx>
Cc: <iesg@xxxxxxxx>; <ietf@xxxxxxxx>
Sent: Monday, June 20, 2005 1:20 PM
Subject: Re: Last Call: 'Email Submission Between Independent Networks' to 
BCP - Clarification


On Mon, 20 Jun 2005, Tony Finch wrote:

> On Sun, 19 Jun 2005, Dean Anderson wrote:
> >
> > Neither open relays nor lack of email authentication are
> > problems that are exploited by spammers.
>
> Neither of those statements are true. I've already addressed the first.

No, you haven't addressed anything. You made an assertion that doesn't
stand up: What is probably your customers' attempts to relay externally
does not represent spammers trying to abuse open relays. This is very
likely legitimate, by legitimate users.  This doesn't make your point.

The fact that you seem to get gratification at "blocking email" and
ASSUMING it is abuse, doesn't do you, us, your customers, or anyone any
good. It doesn't show that open relays are exploited by spammers. The fact
is, open relays aren't abused by spammers.  In 9 years, no genuine
commercial operation has ever abused our relay. And we look. We don't just
look at "relay denied"  log messages and impute bad motives, as you do.
Instead, we look at the queued messages. We try to find the company
selling something; and there hasn't been any.  We found instead that this
is abuse queued by self-described anti-spammers aka "spamops" people
trying to "teach us a lesson" about running open relays. And when they
gave up on abuse and shut their "blacklists", we had no further abuse,
either.

> Regarding the second, we dealt with an incident last year where a spammer
> exploited an open proxy on our network to send spam;

An open proxy on a machine run by your customer is still your customer,
and is therefore entitled to send email.

> they evaded our port 25 block by using an unauthenticated outgoing SMTP
> relay.

But they were your customer, and were therefore authorized to send email.
If you had run SMTP AUTH, they would have obtained the password, because
they can INSTALL AN OPEN PROXY ON YOUR CUSTOMER'S MACHINE.  Authenticating
the relay will do nothing.  Your problem is the open proxy.  Deal with the
problem, don't invent a solution that won't fix the problem.

> This attack was easy for us to stop because they discovered the relay by
> looking up our MX record;

Funny that you should call this an "exploit". SPF (the email
authentication du jour)  will identify your outbound relays, too.

You are arguing in circles, making my points for me.

--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf 

