Subject: [IP] Re: My [Phil Karn] position on Comcastidiocy
________________________________________
From: Zach White [zwhite@darkstar.frop.org]
Sent: Sunday, January 20, 2008 9:33 AM
To: David Farber; Phil Karn
Subject: Re: [IP] My [Phil Karn] position on Comcastidiocy

Dave, for IP, if you wish.

On Sun, Jan 19, 2008 at 08:04:51PM -0500, Phil Karn wrote:
> Everybody seems to assume that blocking direct usage of port 25
> somehow stops spam.
>
> BUT HOW??!?
>
> Exactly HOW does forcing outbound mail to take an unnecessary hop
> through the ISP's outbound MTA stop spam? Does the MTA have some sort
> of magic spam recognizer? If so, why can't it be used by every
> inbound MTA?

Blocking port 25 is not a perfect solution. Neither is filtering, turning off customers, or forcing everyone through a mail relay. However, these are the best solutions we currently have.

A computer connected to a standard 1.5mb/256k 24/7 internet connection can send millions of emails per month, by connecting directly to remote servers on port 25. By forcing them to use the ISP's mail relay we have severely reduced that number, and made it a lot easier for Comcast to detect customers sending more email than is reasonable for a single person to be sending.

We also don't need to do any filtering on Comcast's mail relay. Comcast can simply limit their customer to some reasonable number of messages per day. Can you honestly say you'll need to send more than 200 or 300 messages per day? What if that limit was 500 or 1000? If you really do send that many messages per day you're already beyond the usage level of a casual user, and should be using a more robust service.

> The closest thing we have to a magic spam recognizer is Spam Assassin.
> It (or an equivalent package) is ALREADY in use by nearly every inbound
> MTA. How does duplicating this function in an outbound MTA -- or even
> *having* mandatory outbound MTAs -- help the spam problem?

You're perfectly free to wear a gas mask. How does installing filters on my factory's smoke stack make a difference to you? It will just make it harder for me to produce my widget, which is in high demand! Besides, there are still cars so you still need to wear the gas mask, and carbon filters aren't 100% perfect anyway!

Like it or not, spam is network pollution. This situation affects more people than Comcast and its customers. Without the port 25 block, Comcast spews millions of spam emails per day from its network. With the port 25 block they can more easily catch and stop infected machines from sending spam 24/7, because they have a central place that email flows through.

I changed jobs 6 months ago, so I no longer run a corporate mail server. When I did, my daily spam report always included Comcast in the top 5 mail sources. I would love to see how those stats have changed since the block went into effect. I suspect that Comcast won't show up anywhere in that report now.

> Passive stream monitoring clearly requires far less resources than a
> mandatory MTA. MTAs are infamous resource hogs. Users often complain of
> long delays in their outbound mail, as can be expected when everyone is
> forced to use them for no good reason. Indeed, users should be actively
> ENCOURAGED to minimize their use of ISP resources by delivering their
> mail directly to its destinations when possible.

You have clearly never run a network as geographically diverse as Comcast's. What exactly about passive stream monitoring requires fewer resources? The fact that you have to put equipment at all your POPs? The fact that your core routers don't have the ability to both route traffic and mirror that traffic onto your monitoring network, so you have to push this out to your edge? The increased number of servers whose only job is to snoop on what your customers are doing? The additional configuration and complexity in your network?

Further, I would ask what the business advantage of this method is. The fact that this destroys your common carrier status? The potential this possibility leaves for future sniffing of other traffic? (Mr. Karn, can you explain to us why you viewed the Al Jazeera website in Farsi?) The potential uproar when a disgruntled employee exposes what you're doing in an unkind way?

To quote a popular phrase from NANOG, "I encourage all of my competitors to do this."

-Zach
-------------------------------------------
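Added example, not part of the original message and not any ISP's actual code: a sketch of the per-customer daily message cap on an outbound relay that the message above describes, replayed over constructed log lines. The log format, the account names and the 500-per-day limit are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

DAILY_LIMIT = 500  # assumed value; the message floats 200 to 1000 per day


class RelayQuota:
    """Per-customer daily message counter for an outbound mail relay."""

    def __init__(self, daily_limit=DAILY_LIMIT):
        self.daily_limit = daily_limit
        self.counts = defaultdict(int)  # (customer, date) -> accepted messages
        self.flagged = {}               # customer -> time the cap was first hit

    def submit(self, customer, when):
        key = (customer, when.date())
        if self.counts[key] >= self.daily_limit:
            # Over the cap: record the account for follow-up and defer.
            # A real relay would answer with a temporary (4xx) SMTP reply.
            self.flagged.setdefault(customer, when)
            return "defer"
        self.counts[key] += 1
        return "accept"


def parse_line(line):
    # Constructed format: "<ISO timestamp> cust=<id> msgs=<n>"
    ts, cust, msgs = line.split()
    return (datetime.fromisoformat(ts),
            cust.split("=", 1)[1],
            int(msgs.split("=", 1)[1]))


def replay(lines, daily_limit=DAILY_LIMIT):
    """Feed log lines through the quota; return it plus deferred counts."""
    quota = RelayQuota(daily_limit)
    deferred = defaultdict(int)
    for line in lines:
        when, cust, n = parse_line(line)
        for _ in range(n):
            if quota.submit(cust, when) == "defer":
                deferred[cust] += 1
    return quota, dict(deferred)


# Constructed sample input: one casual user, one account sending in bulk.
SAMPLE_LOG = [
    "2008-01-20T08:00:00 cust=acct-1001 msgs=12",
    "2008-01-20T08:05:00 cust=acct-2002 msgs=400",
    "2008-01-20T09:10:00 cust=acct-2002 msgs=400",
    "2008-01-20T18:30:00 cust=acct-1001 msgs=30",
    "2008-01-21T00:01:00 cust=acct-2002 msgs=100",
]

if __name__ == "__main__":
    quota, deferred = replay(SAMPLE_LOG)
    for cust, when in quota.flagged.items():
        print(f"{cust} hit the cap at {when}; {deferred[cust]} deferred")
```

The counter resets per calendar day, so the bulk account is accepted again on the following day while staying in the flagged list for review.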