nanog mailing list archives

RE: Limiting email abuse by subscribers [was: Abuse procedures... Reality Checks]


From: "Frank Bulk" <frnkblk () iname com>
Date: Thu, 12 Apr 2007 14:45:15 -0500


Leigh:

How many customers do you serve that you have just 50 exceptions?

It's my understanding that the most efficient way to keep things clean for
cable modem subscribers is to educate subscribers to use port 587 with SMTP
AUTH for both the ISP's own servers and their customer's external mail
server, and then block destination port 25 on the cable modem.  For
alternative access technologies, block destination port 25 on the access
gear or core routers/firewalls.

Regards,

Frank

-----Original Message-----
From: Frank Bulk 
Sent: Thursday, April 12, 2007 7:48 AM
To: Mikael Abrahamsson
Cc: nanog () merit edu
Subject: Re: Abuse procedures... Reality Checks


Mikael Abrahamsson wrote:

On Wed, 11 Apr 2007, Frank Bulk wrote:

It truly is a wonder that Comcast doesn't apply DOCSIS config file filters
on their consumer accounts, leaving just the IPs of their email servers
open.  Yes, it would take an education campaign on their part for all the
consumers that do use alternate SMTP servers, but imagine how much work it
would save their abuse department in the long run.

There are several large ISPs (millions of subscribers) that have done
away with TCP/25 altogether. If you want to send email thru the ISPs
own email system you have to use TCP/587 (SMTP AUTH).

Yes, this takes commitment and resources, but it's been done
successfully.


You don't even need to do that. We just filter TCP/25 outbound and force
people to use our mail servers that have sensible rate limiting etc.
People who use alternate SMTP servers can fill in a simple web form to
have them added to the exception list. We have about 50 on this list so far.

--
Leigh Porter
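
The policy discussed in this thread (port 587 open, destination port 25 blocked except towards the ISP's relays and an exception list fed by a web form) can be sketched as follows. This is an added example, not code from any poster: the use of nftables on a Linux box that forwards subscriber traffic, the table name, the vetting rules and all addresses are assumptions.

```python
import ipaddress

# Constructed sample data (documentation-range addresses, not real servers).
ISP_RELAYS = ["192.0.2.25"]
FORM_REQUESTS = ["198.51.100.7", "198.51.100.7 ", "203.0.113.0/24",
                 "mail.example.net", "127.0.0.1", "2001:db8:1::7"]


def vet_requests(requests):
    """Split web-form submissions into accepted host addresses and rejects."""
    accepted, rejected = [], []
    for raw in requests:
        try:
            # ip_address() refuses hostnames and prefixes, so one form entry
            # can only ever open port 25 towards a single host.
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append(raw)
            continue
        if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
            rejected.append(raw)
        elif addr not in accepted:  # duplicates are dropped silently
            accepted.append(addr)
    return accepted, rejected


def render_ruleset(relays, exceptions):
    """Render a forward chain: 587 open, 25 only towards listed hosts."""
    # Assumption: nftables syntax; the thread names no filtering tool.
    hosts = [ipaddress.ip_address(r) for r in relays] + list(exceptions)
    v4 = ", ".join(str(h) for h in hosts if h.version == 4)
    v6 = ", ".join(str(h) for h in hosts if h.version == 6)
    lines = ["table inet subscriber_smtp {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy accept;",
             "    tcp dport 587 accept"]
    if v4:
        lines.append(f"    ip daddr {{ {v4} }} tcp dport 25 accept")
    if v6:
        lines.append(f"    ip6 daddr {{ {v6} }} tcp dport 25 accept")
    lines += ["    tcp dport 25 counter reject with tcp reset", "  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    ok, bad = vet_requests(FORM_REQUESTS)
    print(render_ruleset(ISP_RELAYS, ok))
    print("# rejected form entries:", bad)
```

The counter on the final rule gives the abuse desk a per-device count of blocked port 25 attempts, which helps spot infected subscribers.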




