nanog mailing list archives

Re: ingress SMTP


From: "Robert E. Seastrom" <rs () seastrom com>
Date: Wed, 10 Sep 2008 07:38:46 -0400


Mark Foster <blakjak () blakjak net> writes:

> On Fri, 5 Sep 2008, Mikael Abrahamsson wrote:
>
>> We don't allow most of our residential customer base to speak SMTP
>> TCP/25 to anywhere at all (and we have millions of them). Wish more
>> ISPs would do the same.
>
> Probably fair enough, if you as an ISP can get away with enforcing
> this sort of policy then so much the better.
>
> However relaying through your own ISP's 25/tcp should surely then make
> it relatively easy for noise to be tracked down and nailed at the
> source - by ISPs?  (Do abuse@ desks investigate spam these days?)

As others have noted, intercepting 25 breaks SPF.  It also
gratuitously creates weird anomalous behaviour that is much harder for
a reasonably clued person to debug than a simple blocked port, so it's
more likely to buy you a help desk call (with a subtle problem that
your level 1 folks probably can't get sorted anyway).  Perhaps you
aren't in a position where you have to care about the balance sheets,
but keeping the load off the help desk is a wonderful thing to do in
terms of cost control.  Doing traffic analysis looking for noise is
just extra work for your abuse people - when I was setting policy for
this sort of thing we put a cap at 1000 discrete destinations per day
per authenticated user (with a daily report of who'd busted it, and
most days the report was 0) and only once ran into a problem where
someone was legitimately trying to send mail to a bajillion people and
called the help desk.

-r
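The per-user cap described in the post (a daily limit of distinct destinations per authenticated submitter, with a daily report of who exceeded it) can be implemented as a simple batch job over the submission relay's log. The block below is an added example written for this archive page; it is not code from the thread or from any ISP's tooling. It assumes a constructed, simplified log format in which each line already carries both the authenticated user (`sasl_username=`) and one recipient (`to=<...>`); a real MTA log usually splits those across lines joined by a queue id, so the parser would need that join. The function names, the sample log lines and the 1000-destination default are all choices made here.

```python
"""Daily distinct-destination cap for an ISP submission relay (added example).

Assumed, constructed log line shape (one recipient per line):
  2008-09-05T10:00:00 relay submission: to=<rcpt@example.net>, sasl_username=user@isp.example
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed format for this example, not any real MTA's exact log syntax.
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T\S+ relay submission: "
    r"to=<(?P<rcpt>[^>]+)>, sasl_username=(?P<user>\S+)$"
)

DAILY_CAP = 1000  # distinct destinations per authenticated user per day (assumed policy value)


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (date, user, recipient) for a matching line, else None.

    Recipient addresses are lower-cased so case variants of one mailbox
    are not counted as separate destinations.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("date"), m.group("user"), m.group("rcpt").lower()


def count_destinations(lines: Iterable[str]) -> Dict[Tuple[str, str], Set[str]]:
    """Map (date, user) to the set of distinct recipients seen that day."""
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated or malformed line; skip rather than fail the report
        date, user, rcpt = parsed
        seen[(date, user)].add(rcpt)
    return seen


def daily_report(lines: Iterable[str], cap: int = DAILY_CAP) -> List[Tuple[str, str, int]]:
    """Return (date, user, distinct_count) for every user/day that exceeded the cap.

    On a quiet day this list is empty, which matches the 'most days the
    report was 0' outcome described in the post.
    """
    seen = count_destinations(lines)
    over = [(d, u, len(r)) for (d, u), r in seen.items() if len(r) > cap]
    return sorted(over)


def constructed_sample() -> List[str]:
    """Constructed sample log: one normal user, one user who busts the cap."""
    lines: List[str] = []
    # bob: four deliveries, but only three distinct destinations (one repeat)
    for r in ["a@example.net", "b@example.org", "A@example.net", "c@example.com"]:
        lines.append(f"2008-09-05T10:00:00 relay submission: to=<{r}>, sasl_username=bob@isp.example")
    # alice: 1200 distinct destinations in one day, over the 1000 cap
    for i in range(1200):
        lines.append(f"2008-09-05T11:00:00 relay submission: to=<u{i}@example.org>, "
                     f"sasl_username=alice@isp.example")
    # alice the next day: a single recipient, well under the cap
    lines.append("2008-09-06T09:00:00 relay submission: to=<x@example.org>, sasl_username=alice@isp.example")
    # a line the parser must ignore
    lines.append("2008-09-06T09:00:01 relay smtpd: connect from unknown[192.0.2.10]")
    return lines


if __name__ == "__main__":
    for date, user, n in daily_report(constructed_sample()):
        print(f"{date} {user} exceeded cap: {n} distinct destinations")
```

The report is what the abuse desk reviews; the cap deliberately counts distinct destinations rather than raw message volume, so a user mailing one list server many times stays under it while a compromised account spraying addresses trips it in a single day.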


