ISP Fantasies and Reality (was Re: Webone blocking port 25??)

[Matthew Hawkins]

Alex Satrapa (grail at goldweb.com.au) wrote:
> On Friday, July 26, 2002, at 09:13 , Matthew Hawkins wrote:
> 
> >Rather - it lets any customer use the ISP's mail server to relay spam,
> >and hence get that ISP and ALL their customers blacklisted, regardless
> >of the fact that the individuals at the ISP and their other customers
> >did not spam.
> 
> Because, of course, you have your relay set up to prevent people 
> bulk-mailing.

How, exactly?  Some pulled-out-my-arse figures on the number of
acceptible recipients?

Where are you going to draw the line?  5?  10?  20?  50?  What happens
when a legitimate email needs to be sent from the HR department to all
5,000 staff regarding renumeration changes or what have you?  Do you
temporarily disable these blocks (opening the server to possible abuse
from anyone during that period), or do you apply these rules on a
per-client basis? (eg, people from HR can send to 5,000 recipients) How
then do you go about preventing these people from abusing that extra
priviledge they get?

It's usually the people who need to do such things that are the least
likely to know about etiquette on the internet.

It's not only people who have to deal with it, how do you expect to run
mailing lists on that server?  Start a whole tree of sublists all
co-subscribed up the branches, so that the pulled-out-my-arse acceptable
number of recipients limit is never exceeded by any list?
Exempt all mailing lists (or certain lists) from such checking?  If that
- how do you then prevent subscribers from spamming via the lists?  Or
disgruntled mailing list managers for that matter?

With the kind of system you propose, you're going to need a whole
whopping huge clusters worth of high-powered systems to deal with all
these anal rules in your email system in an acceptible timeframe.
It simply does not scale.

> One day, a particularly clownish member of staff send out an email 
> message.  To "his close friends".  All 2000 of them.  With a couple of 
> Word documents attached.  Each message was about 2Mb.

What's wrong with that?  If I recall correctly, that person was involved
in marketing, had deduced a list of suitable clients, and sent them a
bunch of hopefully relevent marketing material.  The *only* thing wrong
with the exercise was that the mail server - and more over, the link it
was connected to - was severely inadequate to deal with the load.

I don't think it's the IT department's role to dictate how people in
other sections in the company have to do their job.  Though, in that
particular company, many individuals in the IT department firmly
believed it WAS their role to tell everyone else how to do their jobs.

Could there have been other ways to achieve the same goal?  Possibly.
I don't have a marketing degree, so I'm not up on all the fine points of
it.  Neither do you.

> Something as simple as a recipient count limit would have prevented the 
> incident from occuring.  Who needs SirCam when you have Clowns?

Something as simple as informing staff that 3Mb mails to 2,000
recipients would take a week or so to finally get out the mail queue
with the current infrastructure could also prevent the incident from
occurring.

> You can also impose mail throughput limits on some servers - limiting 
> the number of emails sent by one client per minute/hour/day.

You can also get all customers to submit lists of who they want to send
and recieve email with, and reject mail from anywhere else.  You can
accept their mail, print it out, have it read over (and possibly spell
corrected - bad spelling and grammer is a nasty virus!) by a collection
of trained monkeys, faxed to the legal/pr department for sanitisation,
and maybe possibly released in 6 months to maybe the intended recipients,
depending on what *your* needs/requirements are.
How ridiculously anal do you want to get?

> It also makes it extremely easy for ISPs to stop spamming at the source.

No it doesn't.  It makes it more difficult as described in other mails.

> >Rubbish.  The Windows virus just looks up your email client's SMTP
> >relay host and mails via it instead of trying to go directly.
> 
> At which point the ISPs SMTP relay has a chance to catch the virus-laden 
> email before it leaves the network.

You're assuming the ISP does such a thing, and does the right thing
(keep signatures up-to-date, run reputable software from companies
interested solely in ridding their networks of viruses - not increasing
their profits by hiring virus writers to write new viruses so their
software can come out with the patch first and seem really cool)

Even then, you've got just as good a chance at stopping the virus as the
Windows user themselves has by doing exactly the same thing - running
antivirus software, keeping it up-to-date, blah blah blah.

So all you've managed to achieve is increase the workload on your own
servers for very little benefit (the little benefit being the one or two
stupid people who don't run antivirus software and deserve to be
infected).  That benefit is not your own, either.  Are you going to
charge customers a premium to get this extra service?  Since its on a
global service, do you charge this premium to all customers (ie,
increase plan prices to cover costs), thereby forcing customers who
don't do stupid things like run Microsoft Windows to subsidise for
other's stupidity?

-- 
Matt
"So, logically, if she weighs the same as a duck, she's made of wood, and therefore a witch!"
(Monty Python and the Holy Grail)