Autor: Alan J. Flavell Data: Para: Exim users list Assunto: Re: [exim] (OT) Responsibility of ISPs to provide reliable outgoing
SMTP to dynamic IP customers.
On Fri, 2 Sep 2005, Adam Funk wrote:
> Since many of you believe that residential customers should be
> forced to route all their mail through their ISPs' smarthosts,
There's something in what you say, but there are a couple of
detailed points that I would take issue with in that paragraph.
The reality of the current situation is that we simply cannot *afford*
to accept mail directly from random IPs, such as those provided by
domestic ISPs, that have not been set up as properly supported mail
systems. It isn't that we think they "should be forced", but that
there's a great quagmire of compromised domestic IPs out there, which
make our decision, frankly, inevitable.
And it isn't that they should necessarily have to use *their ISP's*
mail relay. Just that they need to submit their mail via /some/
managed and generally trustworthy mail relay. Some domestic ISPs are
maybe best treated as IP-only providers, whose users would be advised
to submit their mail via some *mail service provider* with which they
hold a mail account.
One big ISP in the UK, in fact, operates mail smarthosts which are a
long-standing festering source of Nigerian 419-style scams - to the
extent that quite a few of us apply RBL rules under which that
particular ISP's smarthosts are blocked for spamming. So if *they*
are your ISP, then using their mail relays is going to cause you
nothing but trouble, I'd say: you'd best look for some other mail
service provider.
> I think it follows that ISPs have a duty to provide reliable
> outgoing SMTP to their customers.
I don't think it does. I'd say, however, that ISPs generally *do*
have a duty not to block or capture the mail submission protocols -
leaving the customer an open choice of mail service provider. Not to
be confused with SMTP on port 25, which they might care to block or
capture to offer some protection from the risks of direct-to-MX abuse
lest the customer gets infested by some virus/trojan.[1]
> My ISP however claims that "The e-mail is a free service provided by
> us and therefore no compensation can be offered for downtime of this
> service."
IANAL, but if the service is bundled with the rest of their account
offering then it is not "free", but you'd have to check their T&Cs.
Nevertheless, it does help to explain why I'm recommending mail
submission via some well-supported mail system, which might be with an
unrelated provider; as an example, we recommend *our* users to submit
their mail from home via their University mail server account, using
the authenticated mail submission arrangements which we support.
Looking at this from the other side, we've had several complaints
recently from the USA where senders were presenting their own .gov
envelope sender addresses (relating to research institutions in the
USA), but the offering IP, as seen by us, was their home IP address at
some spam-ridden residential ISP, and we were rejecting the mail out
of hand for that reason -- after all, any spammer can fake a .gov
address as envelope sender - and lots of them do so - but relatively
few can submit their mail so that it's offered to us from an IP which
resolves to a .gov address! As a second best, we would still accept
their mail from a reliable mail service provider (i.e not too heavily
blacklisted at the usual dnsRBLs) - which might or might not be the
same company as provides their broadband IP service or whatever.
best regards
[1] I do worry, however, about the possibilities of viruses/trojans
which have worked out how to drive the user's authenticated mail
submission protocols, instead of the dumb SMTP engines that most of
them used till now.