Re: Outgoing SMTP Servers

[Brian Johnson <bjohnson () drtel com>]

Sent from my iPad

On Oct 31, 2011, at 1:30 PM, "Jack Bates" <jbates () brightok net> wrote:

> On 10/31/2011 11:48 AM, Michael Thomas wrote:
> > I've often wondered the same thing as to what the resistance is to outbound
> > filtering is. I can think of a few possibilities:
> >
> > 1) cost of filtering
> > 2) false positives
> > 3) really _not_ wanting to know about abuse
>
> On the other hand, you have
>
> 1) cost of tracking
> 2) support costs handling infections
>
> It's really an range from "easiest and cost effective" to "doing it right". I personally run hybrid. There are areas 
> that are near impossible to track; this is especially true for wide area wireless/cellular/NAT areas. I always 
> recommend my customers block tcp/25, even to the local smarthosts. Use 587 and authentication to support better 
> tracking. It's a hack, though, as it doesn't stop other abuses and it won't fix the underlying root cause.

Let me know when u can "fix" the root causes. The two I know of:
1. Bad actors
2. Clueless users

> In locations that support ease of tracking, using a mixture of feedback loops with proper support is usually the 
> proper way. This allows notification and fixing of the root cause. In our case, we recommend quick suspensions to 
> demonstrate to customer how seriously we take the problem, and then we point out that the sending of spam/scanning is 
> only the easier to detect symptoms. It is unlikely we'll notice if they have a keylogger as well.

Still not the real root cause, but close. ;)

Largely in agreement otherwise.

 - Brian