  richb01803 Rich
join:2001-02-14 02100
| Verizon's is actually the more-sensible approach
Re-reading the summary on this, I can't see why one would disagree with Verizon's policy on this matter.
They aren't restricting users on their network from receiving mail from anyone. They are restricting users of Verizon's SMTP gateways from sending email which is tagged with a From address other than that email server itself.
That's eminently sensible.
If you want to use a domain name other than one of the Verizon domains, then you should set up your own mail server for outbound mail (a typical Linux box will do fine), and/or pick up your mail from some other site.
Verizon's policy will probably affect 0.0001% of legitimate mail users: if you've got your own domain name, you're in all likelihood not using Verizon's mail servers to receive your mail, so the impact will be to get you to pay attention to how your software is configured to send outbound email.
The Earthlink policy, on the other hand, is one I object to strenuously. |
|
  KoolMoe Aw Man Premium join:2001-02-14 Annapolis, MD clubs:
| As far as privacy concerns go, I have to agree that Earthlink's new policy kinda sucks. If they're going to force their users to send out only through their servers, then they should not have any privacy-compromising activities on those servers. However, privacy concerns aside (say Carnivore is shut down next month), then is this really that bad? I run my own mailserver on a RTHM network, and for outgoing, I simply relay the email out to RTHM's mail server, which forwards it on to the world. No worries on my end and it works fine. KM |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| reply to richb01803 Sending email with no accountability is a blight on the internet.. Earthlink's policy is great, because (without the policy) customers can send out massive amounts of spam email within hours, with the penalty being (at worst) cancellation of their $20 a month account.. forcing it to go through the Earthlink servers, which are provided for the purpose of delivering legitimate email, is perfectly reasonable, and allows flood control. If you think the Earthlink servers are unreliable, tell them to fix them, or move to another provider. If you care about privacy, encrypt your email.
Verizon on the other hand is continuing to allow anyone with a Windows spam utility to flood mailboxes, yet their action blocks (many) people who have their own vanity domain names.. for no gain. It is easy for Verizon technically to drop subscribers who flood their mail servers.. (regardless of From address) yet this policy does nothing to stop direct mail spammers.. who are the real criminals. [text was edited by author 2001-07-02 10:57:42] |
|
 fhmiller5
join:2000-01-23 Dobbs Ferry, NY
| The person that said they cannot think of why someone would disagree, isn't thinking very hard.
We are a small office and many of us work from home using our various connections. The mail server we use at work requires the IP address be one of its own for sending. Therefore we can't send through it from home. If we used Verizon for home DSL we couldn't send work mail.
Fred |
|
  richb01803 Rich
join:2001-02-14 02100
| reply to justin said by Justin: Sending email with no accountability is a blight on the internet.
Well, I certainly can understand your position on this, but I think that there isn't any way to address the spam problem without a global re-think of email architecture.
Some form of authentication handshake will need to be implemented between mail servers, and between mail clients and mail relays, in order to address the spam problem once and for all.
I believe most people want two things:
(1) Email whose source can be verified; and (2) The ability to send anonymous email as needed.
This forum itself is a way to send anonymous email: I get to express opinions here without having them directly traceable to my employer. That way I'm less inhibited, as are a number of the other regular contributors, so the issues are tackled much more directly.
But when setting up a personal mailbox, we tend to prefer that the source of incoming email can be verified--and blocked or stopped at the source if it's annoying or invasive.
I don't think ISPs are in a position to do anything other than help fund the R&D it takes to implement software to make this happen. Tweaking policies which limit the usefulness of today's software isn't going to solve the overall problem. [text was edited by author 2001-07-02 11:09:29] |
|
  richb01803 Rich
join:2001-02-14 02100
| reply to fhmiller5 Why is that? Why can't your office email server be set up to relay your email?
Software which attempts to restrict access based on an IP address isn't well-made. It should have some other means of getting you to prove who you are.
However, I will grant you the point that today's email software has a lot of limitations which force folks to come up with all these bizarre kludges.
I don't think it's possible to barricade the 'net against spam so long as we're all merely trying to jam our pinky fingers in the dike. |
|
  sadowski I Am My Own Doppelganger Premium,MVM join:2000-04-14 Buffalo, NY clubs:
| reply to justin I don't want my ISP filtering anything. If I want to run my own servers then I should be able to. If I want to talk to any other server I should be able to. If UCE and Bulk mail is a blight, then the spammers should be dealt with legally on the level of their businesses, as well as servers set for customer (authorized) use only. I don't want an ISP deciding what is a "blight" such as adult content, political discussion, or even spam. Not to mention that we ALL KNOW that money will buy exceptions to all this filtering.
It's the ultimate hypocrisy to say that filtering (effective or otherwise) of what I don't like (spam) is OK but otherwise it's not.
I'm truly sick of hearing how ISPs should be turned into Internet police. The ISP should do nothing but provide connectivity and basic services to customers. If it doesn't want to provide basic services, such as mail and news, then it should not block those services either.
I suggest any of you really wanting such a bland and safe Internet stick to watching commercial television where you can be as safe and ignorant of anything potentially offensive as you like. |
|
  dru
join:2000-09-14 Corona, CA
| reply to richb01803 What do you mean by, "not well made"? Just what SMTP security protocol have you seen implemented and standardized upon that deals with this issue?
SMTP was standardized when the internet was a trusting, open place. That's the problem. IMAP4 addresses these issues, but is not universally supported by all client programs.
Obviously, software that runs on individual corporate servers could and should restrict incoming SMTP mail to originating headers, like what Verizon is implementing. But many do not offer this, and I believe that there is an issue with the appearance of being "open relay" to the current detection algorithms employed by such systems as ORBS and MAPS. So you still have to restrict via IP address, and this is difficult if you have traveling employees or those using dialup or dynamic IP service.
As for "not well made", commercial offerings including those from Microsoft, Eudora, and others do not provide many SMTP security features other than restriction by IP address. When asked, they claim such reasons as "RFC blah blah compliance" which of course means to be a fully compatible piece of software it has to interoperate with mail clients that hail from the days of Windows 3.1. Of course ISPs with the talent can modify and recompile SMTP software to meet their needs, but the average small business doesn't possess this type of talent.
The biggest problem we have had recently is with business clients not intentionally abusing our servers or spamming themselves, but setting up servers for their own use but leaving them open to mail relay (the default configuration, out of the box for many server programs) and with the plethora of scanners and bots used by spammers to find open relays, they are discovered and exploited within a few hours. |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| reply to sadowski ISPs all have subscriber agreements that clearly set out the penalties for sending out unsolicited email. They are obliged to enforce those penalties.. if they can't and won't enforce them, it would be a PR nightmare for them as a company, and subsequently a serious legal problem, as spammers (and criminal activity) flocked to the ISP that just provided an IP and didn't care what you use it for.
The discussion has gone off topic though - Verizon is trying to stop spam in a technically naive way.. that both hinders those with legitimate needs for their own domain name, yet does little to stop spam originating from their network. |
|
 htin11
join:2000-08-10 Flushing, NY
| reply to sadowski Actually read your TOS and your agreement, if the agreement says you can't run a server, then you can't do anything bout it...cuz it says DO NOT run a server...same thing with my Road Runner TOS. Thus you agreed not to run a server with the ISP...when you sign the contract or when you pay them. It all depends on the ISP...you chose their services hence you are obligated by their rules...you don't have to pay them if you don't like their ways...as they say, go somewhere if you don't like what they offer. |
|
  richb01803 Rich
join:2001-02-14 02100
| reply to dru Well, maybe having the big ISPs implement really annoying restrictions will force the software companies to innovate and provide better email software.
Email's the #1 most popular application on the Internet, and it's been that way since the beginning.
Software vendors put their heads in the sand ages ago and decided that complying with a 20-year-old RFC with the likes of sendmail (world's buggiest program), Eudora and Outlook (world's least secure program) from now until eternity is a fine and acceptable state of affairs.
Well, I reiterate: email software as it stands today is "not well made". It's not up to the average 10-employee small business to come up with the answer to this problem; it's up to the well-heeled software vendors to do it. If not them, then perhaps the Linux freeware development community will take on this challenge (if for no other reason than to do an end run around SMTP port 25 when the ISPs gang up and block it).
I don't think the ISP managers are playing a good game of chess here. They'll bring worse problems on themselves by continuing these policies without also seeking long-term solutions in cooperation with the software development industry. |
|
  sadowski I Am My Own Doppelganger Premium,MVM join:2000-04-14 Buffalo, NY clubs:
| reply to htin11 said by htin11: as they say, go somewhere if you don't like what they offer.
Bring back slavery too then, eh? |
|
 Network Guy
join:2000-08-25 New York
| reply to justin Amen. |
|
  sadowski I Am My Own Doppelganger Premium,MVM join:2000-04-14 Buffalo, NY clubs:
| reply to justin said by justin: ISPs all have subscriber agreements
That's not the same as blocking service access. If the ISP doesn't want to enforce its rules it should either not make them or it should suffer the consequences of not enforcing them. Blocking services is not a reasoned response to laziness or ineptitude.
quote: the discussion has gone off topic though
I don't think so. This is where these types of actions take us. What ISPs do have consequences and set trends too. These issues need to be addressed. |
|
  spenster
join:2001-04-03 Houston, TX
| reply to richb01803 quote: This forum itself is a way to send anonymous email: I get to express opinions here without having them directly traceable to my employer. That way I'm less inhibited, as are a number of the other regular contributors, so the issues are tackled much more directly.
Yes, this forum is a way to send anonymous email but the user has the choice whether or not they see the message using this method (either going to the site or not). Recipients of spam have no choice but to deal with the constant stream of unsolicited mail pouring into their computer.
As for your comment about a "re-think" of the internet's current method of mail delivery, that would be a great thing but what are users to do RIGHT NOW? Verizon customers that have their own domain names have been using the ISP's SMTP server to send their mail because a lot of them do not want to set up their own mail servers and many of their hosts don't provide the ability to relay through their machines because of potential for abuse. Many hosting providers that I've seen simply provide POP3 mailboxes only.
I know many people don't like Microsoft products but Exchange has the ability to restrict relaying via user authentication already as well as by IP. I personally prefer IP restrictions because it is too easy to impersonate a user not using secure password authentication due to the fact that user names and passwords for authentication are typically sent in plain text. Even if the ISP uses secure authentication, each and every user would have to use this configuration which means potential for more support calls due to incorrect client configurations. And not all clients support this method either.
Bottom line is that those who cannot send mail now, no matter how few, have a problem that will not be solved by a "re-think" of the current architecture. At least not soon enough for them of course.
Many ISPs have attempted relay control via IP restrictions and for the most part it works. It's by no means a flawless process, but it does put a dent into the problem. 95% of the spam that has come across my inbox comes from mail servers that are open relays (no relay restrictions at all). I've verified many of them by sending messages to myself through their servers. If people running these servers would be kind enough to care about the rest of us on the net and close down these open relays, we'd see far fewer amounts of spam. |
|
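The relay policies argued over in this thread (open relay, netblock restriction, SMTP AUTH, and a sender-domain restriction like the one attributed to Verizon), modeled as an added example that is not part of any poster's message. The domains, addresses, scenario names and the choice to test the envelope sender are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: one provider mail server, its hosted domain, its netblock.
LOCAL_DOMAINS = {"provider.example"}
OWN_NETBLOCK = ipaddress.ip_network("192.0.2.0/24")

@dataclass(frozen=True)
class Session:
    client_ip: str        # address the SMTP connection comes from
    authenticated: bool   # client passed SMTP AUTH
    mail_from: str        # envelope sender
    rcpt_to: str          # envelope recipient

def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def is_relay(s: Session) -> bool:
    """Mail for a domain we do not host is a relay request; the rest is inbound."""
    return _domain(s.rcpt_to) not in LOCAL_DOMAINS

def on_net(s: Session) -> bool:
    return ipaddress.ip_address(s.client_ip) in OWN_NETBLOCK

# Each policy returns True when the server accepts the message.
def open_relay(s: Session) -> bool:       # no relay restrictions at all
    return True

def ip_restricted(s: Session) -> bool:    # relay only for the provider's netblock
    return not is_relay(s) or on_net(s)

def auth_required(s: Session) -> bool:    # relay only after SMTP AUTH, any network
    return not is_relay(s) or s.authenticated

def from_restricted(s: Session) -> bool:  # netblock plus a hosted sender domain
    return not is_relay(s) or (on_net(s) and _domain(s.mail_from) in LOCAL_DOMAINS)

POLICIES = {
    "open": open_relay,
    "ip": ip_restricted,
    "auth": auth_required,
    "from": from_restricted,
}

# Constructed sessions for the cases raised in the thread.
SCENARIOS = {
    "outside host relaying": Session("203.0.113.9", False, "bulk@sender.example", "a@other.example"),
    "roaming employee": Session("198.51.100.7", True, "fred@provider.example", "a@other.example"),
    "vanity-domain customer": Session("192.0.2.10", False, "me@vanity.example", "a@other.example"),
    "inbound delivery": Session("203.0.113.9", False, "a@other.example", "fred@provider.example"),
}

def evaluate() -> dict:
    """Return {scenario: {policy: accepted}} for every scenario and policy."""
    return {name: {p: fn(s) for p, fn in POLICIES.items()}
            for name, s in SCENARIOS.items()}

# Direct-to-MX traffic never connects to this server, so none of these
# policies ever sees it; only a port 25 block at the network edge does.
if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:24}", {p: "accept" if ok else "reject" for p, ok in row.items()})
```

Only the SMTP AUTH policy accepts the roaming employee while still rejecting the outside host, and only the sender-domain policy rejects the on-net customer with a personal domain.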
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ
| reply to richb01803 Re: Verizon's is actually the more-sensible approa
said by richb01803: Re-reading the summary on this, I can't see why one would disagree with Verizon's policy on this matter.
They aren't restricting users on their network from receiving mail from anyone. They are restricting users of Verizon's SMTP gateways from sending email which is tagged with a From address other than that email server itself.
That's eminently sensible.
If you want to use a domain name other than one of the Verizon domains, then you should set up your own mail server for outbound mail (a typical Linux box will do fine), and/or pick up your mail from some other site.
Verizon's policy will probably affect 0.0001% of legitimate mail users: if you've got your own domain name, you're in all likelihood not using Verizon's mail servers to receive your mail, so the impact will be to get you to pay attention to how your software is configured to send outbound email.
The Earthlink policy, on the other hand, is one I object to strenuously.
Actually, most ISP mail servers will NOT let you relay through them unless you are coming from that ISP's own netblock. This is pretty much industry standard, and that's how we do it. SMTP-AUTH is an option, but again, the support costs on getting people to set yet another doodad in Outlook are prohibitive. We've already had a few Verizon users call about this (they use us for mail, presumably because VZ seems to have issues keeping a simple mail server running 24/7/365).
This will likely affect more than ".00001%" of users. There's a lot of folks out there that have personal domain names. Especially business users. And VZ is actively marketing to businesses.
As for Earthlink, it's the only sensible thing to do. 90%+ of spam I see is from dialups via "direct to MX". I applaud Earthlink for policing their userbase. I really have no problem with setting up a relay host. It's trivial, and Earthlink has a much better track record than other large ISPs with handling mail properly.
How do you propose an ISP with millions of users stops 'direct to MX' spam other than blocking port 25? Once the spam is sent, it's sent. Would you suggest they hire 50-60 people just to man the abuse desk and cancel violators AFTER the offense?
For smaller ISPs, it's easier, but when you buy commodity products, you should expect commodity service, IMHO. |
|
  richb01803 Rich
join:2001-02-14 02100
| said by sporkme: ...presumably because VZ seems to have issues keeping a simple mail server running 24/7/365).
This will likely affect more than ".00001%" of users. There's a lot of folks out there that have personal domain names.
The main technical thrust of my argument is precisely that the average telco is incapable of running a "simple" mail server capable of billions of transactions daily. It's inconceivable that one would deliberately construct a company which covers 40% of the population of the USA, proposes to capture dominant market share of ISP services within that geographic footprint, and funnel all those users' email through a particular SMTP server. It's a scaling problem that no sane person would want to take upon themselves; even AOL, which has already scaled up to that level by building up teams of engineers who know email inside & out, has its bad days.
On the latter point: thus far the only legit scenario brought up here which Verizon's approach interferes with is the case of the telecommuter who configures an SMTP mail client (Outlook Express, Netscape, or Eudora) such that reply email goes to work rather than to a Verizon mail server. Are there any other cases? If not, then I have a simple response for Verizon mail users: configure your SMTP client to put an allowed domain in the From header, and put your office's email domain in the Reply-To header.
For road warriors who want to be able to connect into the office and send/receive mail via a variety of ISPs, the best solution is to set up a VPN tunnel into your office so you can use the exact same settings (including IP addresses) from the office LAN or from any remote ISP. (I hasten to add that my current employer is a VPN purveyor, and of course that none of my DSLR postings reflect the views of that employer.)
I do agree with those who have pointed out that Verizon's approach doesn't really go after the problem very effectively; spam still gets out, it just happens to be slightly more obvious where it came from. |
|
  tschmidt Premium,MVM join:2000-11-12 Milford, NH
| Richb01803
Paragraph 1 -- I agree
Paragraph 2 -- Let's say I have a large number of email accounts. The simplest configuration from a user's perspective is to use the SMTP server on the network I am physically connected to. It is possible to use the SMTP server provided by others. However, they are also concerned with spam and may have policies that make it difficult to connect. Also, if the network provider decides to block port 25 you are dead in the water.
Paragraph 3 -- That is one solution. We let our employees access mail that way. If that is what the company wants to do, fine. But it should not be dictated by the carrier.
Paragraph 4 -- I think this is really the crux of the problem. What Verizon is doing forces customers to do more work while not having any effect on spam. |
|
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ
| Verizon's plan is a sham. It will not stop spam in the least.
Here's a list of "spamware". You'll find that all of it bypasses the spammer's mail server. This is what Earthlink successfully stops, but what Verizon is allowing people to do.
»www.spamhaus.org/rationale.html
Here's a snippet from one of the more popular pieces of spamware:
"How Desktop Direct Works
When you use your ISP's Mail Server - your mail goes through a lot before it actually reaches the recipient - after you press "send", your mail travels:
  From your computer to your ISP's Mail Server
  From your ISP's Mail Server to all of your recipients' ISP Mail Server
  From your recipients' ISP Mail Server to their computers
When you use Desktop Direct - you bypass your ISP's Mail Server - so your mail only travels:
  From your computer to your recipients' ISP Mail Server
  From your recipient's ISP Mail Server to their computer
You will not be putting any additional "strain" on your ISP's Mail Servers or "abusing bandwidth" - your computer does the work!"
Again, VZ is doing nothing to protect against this method of spamming... What exactly is their logic? Will they be selling domain/mail hosting soon? |
|
  rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14225-2105 clubs:
| reply to justin Re: Verizon's is actually the more-sensible approach
Sorry, I just don't agree that this should be done. Yes, I would agree that some customers use their broadband connection poorly this way. The solution ought to be to make these ex-customers more liable than simply cancellation of their account; part of the ToS that must be accepted before service is turned up should be a statement of cleanup charges that will be imposed should they participate in such activity, and therefore it will be more than just not paying $20/month.
I want a clean IP pipe to the Internet, devoid of any packet filtering or redirection, except for dropping illegitimate packets (for example, those with an RFC1918 source IP address). If you're worried about John Q. Spammer using his BB connection for that, employ tcp/25 traffic shaping, and if the customer wants better tcp/25 bandwidth, provision the account as a business connection. -- Those willing to sacrifice freedom for security deserve neither. |
|