Re: Outgoing SMTP Servers

[Jack Bates <jbates () brightok net>]

On 10/31/2011 8:12 PM, Brian Johnson wrote:
> Sent from my iPad
>
> On Oct 31, 2011, at 1:30 PM, "Jack Bates"<jbates () brightok net>  wrote:
>
> > On 10/31/2011 11:48 AM, Michael Thomas wrote:
> > > I've often wondered the same thing as to what the resistance is to outbound
> > > filtering is. I can think of a few possibilities:
> > >
> > > 1) cost of filtering
> > > 2) false positives
> > > 3) really _not_ wanting to know about abuse
> > On the other hand, you have
> >
> > 1) cost of tracking
> > 2) support costs handling infections
> >
> > It's really an range from "easiest and cost effective" to "doing it right". I personally run hybrid. There are areas that are near 
> > impossible to track; this is especially true for wide area wireless/cellular/NAT areas. I always recommend my customers block tcp/25, even to the local 
> > smarthosts. Use 587 and authentication to support better tracking. It's a hack, though, as it doesn't stop other abuses and it won't fix the 
> > underlying root cause.
> Let me know when u can "fix" the root causes. The two I know of:
> 1. Bad actors
> 2. Clueless users
While true, from a security viewpoint, the root cause is loss of control 
over the system involved. Spam, while perhaps the most visible and 
annoying to others is not my highest concern (We find the number of 
clueless users direct spamming is miniscule compared to hijacked 
systems). My concern is that the customer has lost control of their 
machine and could at that moment be unknowingly giving out critical 
information.

-Jack