how-to block ads
|
dru
join:2000-09-14
Corona, CA
| reply to richb01803
Re: Verizon's is actually the more-sensible approach
What do you mean by, "not well made"? Just what SMTP security protocol have you seen implemented and standardized upon that deals with this issue?
SMTP was standardized when the internet was a trusting, open place. That's the problem. IMAP4 addresses these issues, but not universally supported by all client programs.
Obviously, software that runs on individual corporate servers could and should restrict incoming SMTP mail to originating headers, like what Verizon is implementing. But many do not offer this, and I believe that there is an issue with the appearance of being "open relay" to the current detection algorithms employed by such systems as ORBS and MAPS. So you still have to restrict via IP address, and this is difficult if you have traveling employees or those using dialup or dynamic IP service.
As for "not well made" commercial offerings including those from Microsoft, Eudora, and others do not provide many SMTP security features other than restriction by IP address. When asked, they claim such reasons as "RFC blah blah compliance" which of course means to be a fully compatible piece of software it has to interoperate with mail clients that hail from the days of Windows 3.1 Of course ISPs with the talent can modify and recompile smtp software to meet their needs, but the average small business doesn't possess this type of talent.
The biggest problem we have had recently is with business clients not intentionally abusing our servers or spamming themselves, but setting up servers for their own use but leaving them open to mail relay (the default configuration, out of the box for many server programs) and with the plethora of scanners and bots used by spammers to find open relays, they are discovered and exploited within a few hours. | |
richb01803
Rich
join:2001-02-14
02100
| Well, maybe having the big ISPs implement really annoying restrictions will force the software companies to innovate and provide better email software.
Email's the #1 most popular application on the Internet, and it's been that way since the beginning.
Software vendors put their heads in the sand ages ago and decided that complying with a 20-year-old RFC with the likes of sendmail (world's buggiest program), Eudora and Outlook (world's least secure program) from now until eternity is a fine and acceptable state of affairs.
Well, I reiterate: email software as it stands today is "not well made". It's not up to the average 10-employee small business to come up with the answer to this problem; it's up to the well-heeled software vendors to do it. If not them, then perhaps the Linux freeware development community will take on this challenge (if for no other reason than to do an end run around SMTP port 25 when the ISPs gang up and block it).
I don't think the ISP managers are playing a good game of chess here. They'll bring worse problems on themselves by continuing these policies without also seeking long-term solutions in cooperation with the software development industry. | |
|
