nanog mailing list archives
Re: SMTP authentication for broadband providers
From: Michael.Dillon () radianz com
Date: Fri, 13 Feb 2004 11:05:16 +0000
To attack spam, we need to attack it at its core, not at some secondary
or
tertiary side-effect, with a mechanism that also hurt legitimate users.
We, as network operators don't need to attack spam. We need to ignore spam itself and get to work securing the network that enables spammers to do their dirty work.
Unless and until there is broad community consensus that answers that question in concrete and practical terms, then all our efforts are losing and stop-gap.
I wouldn't go quite so far as that. Yes, broad consensus of the network operator community would help us to secure the architecture of the email system. That's why I have suggested that large email operators should be meeting regularly in a forum where they can discuss and agree upon *BEST PRACTICES*. But it also helps for people to implement best practices in a piecemeal fashion because that provides the real-world operational experience to prove that a particular practice is feasible.
From recent conversations on the list it appears that the
BCPs for email include using the submission protocol for all end-user sending of email. But I would like to see this go a step further and require SMTP AUTH for every single SMTP session on port 25 as well. That means that AOL's mailservers would have to authenticate their sessions on Hotmail's servers before sending email and vice versa. It means that you cannot operate a mailserver without having a bilateral agreement in place with some set of email peers. It provides a chain of trust through those bilateral agreements that makes it easier to block SPAM and catch spammers. Yes, this probably means that we need to have some DNS related changes so that a domain can publish a list of their email peers and so that MTA software can figure out where to forward a particular email to reach its destination. But none of this is rocket science. And all of it could be accomplished by sitting the major email operators around a table to hash it out. NANOG could help here by devoting the next meeting to the various technical operational email issues and by extending to an additional day for the email operators forum. There is plenty of BCP material that could be presented and even though some of the operators like AOL have presented this in the past, an update would be useful to a lot of us. --Michael Dillon
Current thread:
- Re: SMTP authentication for broadband providers, (continued)
- Re: SMTP authentication for broadband providers Jason McCormick (Feb 11)
- RE: SMTP authentication for broadband providers Mark Segal (Feb 11)
- Re: SMTP authentication for broadband providers Michael . Dillon (Feb 12)
- RE: SMTP authentication for broadband providers Dan Ellis (Feb 12)
- RE: SMTP authentication for broadband providers Alexander Kiwerski (Feb 12)
- Re: SMTP authentication for broadband providers Miquel van Smoorenburg (Feb 12)
- Re: SMTP authentication for broadband providers Lou Katz (Feb 12)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 12)
- Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 12)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 13)
- Re: SMTP authentication for broadband providers Lou Katz (Feb 12)
- Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 13)
- Re: SMTP authentication for broadband providers Rob Pickering (Feb 13)
- Open, anonymous services and dealing with abuse Sean Donelan (Feb 15)
- Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 16)
- Re: Open, anonymous services and dealing with abuse Sean Donelan (Feb 16)
- Re: Open, anonymous services and dealing with abuse Henry Linneweh (Feb 16)
- Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 16)
- Re: Open, anonymous services and dealing with abuse Mark Turpin (Feb 17)
- Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 17)
- Re: Open, anonymous services and dealing with abuse Mark Turpin (Feb 17)