[Mimedefang] Re: Great open letter about anti-virus, emails, bounces, etc.

Royce Williams royce.williams at acsalaska.net
Wed Sep 17 01:07:04 EDT 2003


Richard Cooper wrote:
> From: Royce Williams [mailto:royce.williams at acsalaska.net]
> 
>> We've had good luck with kicking back a 550 that simply says 
>> "Mailing directly from dynamics refused; please use your provider's
>>  outgoing mail server to relay."  Even if they're a fly-by-night

[self-snipping]

> It seems that everyone so far has agreed with this principle so far 
> so I think I have to speak out against. This seems to me like you are
>  just kicking the little guys in the teeth.

[some good reasons to not do what we do snipped]

Philosophically, I'm with you, Richard.  It galled me to have to do it,
and my friends who don't work where I do give me a hard time about it.
We do try to do it only for the larger providers that offer statics
and have reliable mail servers, or those that don't respond to our
abuse complaints.

> I realise that money means more than principles to big business, but 
> this to me is one step too far. You're trying to force people to use 
> a centralised Internet just to save yourself a few extra processor 
> cycles

I don't have any hard numbers, but my gut feeling is that it decreases
the spam volume by quite a bit.  I'd have to hire two more people to
handle the spam complaints coming from our own customer base if I
turned these off -- at least, in the short term until we can take a
different tack.

> or to save Joe Workstation from pressing the delete button a couple 
> of extra times.

I also have to listen to the majority of my customer base, who can only
take 5M of spam a day before their quotas fill up and they start to get
riled up, spam tagging or no spam tagging.  Again, I think that you may
be minimizing the spam savings here.  So many involuntary open proxies
are hanging off of "semi-dynamics" (DSL/cable) that identifying just a
few can really cut down on my spam.

That being said, as we roll out more tools to put the customer in
charge of what happens to their mail (including automatically discarding
messages that score above a customizable threshold), we will be able
to scale back on this and try to get back to being "liberal in what we
accept." :)


> You have unilaterally decided that it is 'illegal' to run a mail 
> server from a dynamic IP.

Well, to be fair, only from a few major groups of dynamic IPs.
It's certainly much smaller than the DUL.  If I had the budget for
a couple more boxes, I could move this from my access file to a
+3 scoring in MD + SA, which would make me happier on principle.


> Sorry if this sounds like an attack, it's not meant in that way, 
> However I feel like I have to stand up for us dynamic IP cable and 
> ADSL users because all you're doing is taking the easy way and 
> ignoring the fallout.

Your points are quite valid and I'm not taking it personally.  In
some ways, blocking dynamics is more draconian than refusing IPs with
no PTR record -- but in practice, many more people complained
instantaneously when we tried to implement the latter.

Sorry for the delay in getting back to you; spent most of the day
patching and "work-arounding" the OpenSSH vulnerability.

Royce

-- 
------------------------------------------------------------------------
Royce D. Williams               "Insanity destroys reason, but not wit."
IP Engineer III - ACS Internet & IP/MPLS              - Nathaniel Emmons
907-565-2267    PGP key: 0x3FC087DB     http://web.acsalaska.net/~royce/
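
Added example, not part of the original message and not the poster's configuration: a small Python model of the two policies discussed in this thread, a hard 550 for listed dynamic ranges versus treating dynamic origin as a +3 score that is compared with a per-user discard threshold. The ranges, sample traffic, scores and function names are constructed for illustration.

```python
import ipaddress

# Constructed ranges (RFC 5737 documentation blocks) standing in for the
# "few major groups of dynamic IPs" mentioned in the post.
DYNAMIC_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]

REJECT_TEXT = ("550 Mailing directly from dynamics refused; please use your "
               "provider's outgoing mail server to relay.")
DYNAMIC_PENALTY = 3.0  # the "+3 scoring" from the post


def is_dynamic(relay_ip):
    """True if the connecting relay falls inside a listed dynamic range."""
    addr = ipaddress.ip_address(relay_ip)
    return any(addr in net for net in DYNAMIC_RANGES)


def access_policy(relay_ip):
    """Hard block at connect time: message content is never examined."""
    return REJECT_TEXT if is_dynamic(relay_ip) else "250 OK"


def scoring_policy(relay_ip, content_score, user_threshold):
    """Dynamic origin is one signal; the recipient's threshold decides."""
    total = content_score + (DYNAMIC_PENALTY if is_dynamic(relay_ip) else 0.0)
    action = "discard" if total > user_threshold else "deliver"
    return action, total


def compare(messages, user_threshold=5.0):
    """Return (ip, SMTP code under hard block, scored action, total score)."""
    rows = []
    for relay_ip, content_score in messages:
        code = access_policy(relay_ip)[:3]
        action, total = scoring_policy(relay_ip, content_score, user_threshold)
        rows.append((relay_ip, code, action, total))
    return rows


# Constructed sample traffic: (relay IP, content-only spam score)
SAMPLE = [
    ("192.0.2.10", 0.5),   # small mail server on a dynamic address
    ("192.0.2.77", 4.2),   # open proxy on a dynamic address, spammy content
    ("203.0.113.5", 1.0),  # static host, ordinary mail
    ("203.0.113.9", 6.5),  # static host, spam
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The first sample row is the case the thread argues about: the hard block refuses it with a 550, while the scored policy delivers it because 3.5 stays under the recipient's threshold.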