Greetings,
I was just informed about the recent discussion on this list regarding
the general concept of blocking direct access to one's own SMTP mail server
from non-local dialup banks.
I wanted to say just a few brief words about this.
First, I wish it to be known that the world's most comprehensive and most
well maintained list of dynamic dialups is located here on imrss.org, and
you can find out more about it by visiting
http://www.imrss.org/dssl/.
This list is accessible as a free RBL-style DNS-queryable list for the
benefit of the net community. It has already been in use for quite some
time now at many sites, and is proving to be quite useful in blocking out
quite a lot of direct-from-dynamic-dialup spam. The false positive rate
experienced by users of this list to date has been virtually zero, i.e.
virtually 100% of the messages blocked via use of this list have in fact
been certified USDA pure pork spam.
The reason for this is simple... Virtually no one except spammers is making
direct SMTP connections to the specific non-local SMTP servers at the sites
that are using the DSSL. Some sites do intentially support incoming SMTP
connections to their mail servers from non-local dynamic dialup banks (and
they should NOT be using the DSSL), but the vast majority of sites DO NOT
have a policy of supporting such usage, and in the case of these sites, the
DSSL merely provides them with a convenient and fairly comprehensive means
of programatically enforcing their existing usage policy for the local mail
server(s). (These sites are of course entirely within their rights to imple-
ment whatever restrictions they desire upon the usge of their own equipment.)
Of course, many have (and many will) argue against such restricted use poli-
cies, but I have yet to see anyone do so on a strictly altrustic and entirely
unselfish basis. All arguments againts such policies that I have seen to
date seems to be of the form ``I occasionally or frequently do this, and thus,
the world should not prevent it, because that would have a negative effect
upon ME.''
Regardless, mail server owners will make up their own minds about such re-
strictions, hopefully on the basis of a straightforward cost/benefit analysis.
It seems altogether clear that (a) the direct SMTP connections received by
most sites from non-local dynamic dialups are at least 100 times more likely
to be used for transmitting spam than they are for transmitting legitimate
non-spam messages and that (b) the almostly vanishingly small percentage
of the online population who are non-spammers and who have the sophistica-
tion necessary to do SMTP direct into non-local servers from dynamic dialup
lines are also, by and large, both sophisticated enough to understand any
rejection messages they might get (as a result of dialup blocking) and
also sophisticated enough to make other arrangements for having their E-mail
transmitted and delivered via some alternate (non-blocked) route. Thus,
for most sites, a simple cost/benefit analysis will tend to indicate that
blocking of direct SMTP from non-local dynamic dialups (especially those
that have been known to be sources of spam in the past, which is to say
everything that is listed on the DSSL) will be both justified and desirable.
Sites that are using the DSSL have reported a marked decrease in spam inflow,
and complaints relating to the rejection of SMTP connections from non-local
dynamic dialups are virtually unknown. The benefits for these sites of
preventing direct access to the local mail server(s) from non-local dialups
have been considerable, while the costs in terms of annoyed users have been
essentially zero.
P.S. It often seems to escape mention in discussion of this topic that
there are in fact pragmatic reasons why nobody (except maybe spammers)
should be routinely doing direct SMTP into non-local servers from dynamic
dialup lines. Specifically, what happens when the server you are attempting
to contact is temporarily down? How exactly does one arrange to perform
retries from a non-dedicated intermittent connection? And even if one
can, in fact, arrange that, isn't it just simpler and more efficient to
allocate responsibility for this critical task to the primary mail server(s)
of one's own local ISP?
DSSL Administrator
<dssl-admin@???>
http://www.imrss.org/dssl/
--
*** Exim information can be found at
http://www.exim.org/ ***
