
nanog mailing list archives

Re: Fun new policy at AOL
From: Richard Cox <Richard () mandarin com>
Date: Thu, 28 Aug 2003 11:50:41 +0100


On Thu, 28 Aug 2003 10:10 (UTC)
"Stephen J. Wilcox" <steve () telecomplete co uk> wrote:

| Whoa.. that's crazy. Obviously it's an effort to stop relay forwarding
| from cable modem and DSL customers but there are *lots* of legitimate
| smtp servers sitting on customer sites on dynamic addresses.

And at one time it was considered "helpful" for mail servers to relay
anything that was presented to them.  We don't think that way now, as
a DIRECT result of the way in which that arrangement has been abused.

So with "legitimate smtp servers" sitting on customer sites on dynamic
addresses: the flexibility and convenience of such arrangements became
subsidiary to the abuse and security issues they facilitated.

Now if the abuse and security teams of the large providers would move
*quickly* to isolate compromised machines and deal with other security
related issues when they arise, the "flexibility and convenience" would
probably win out in the end.  But as things stand it isn't going to.
We can thank the usual suspects - Cogent, Qwest, AT&T, Comcast - and in
Europe: BT, NTL and possibly the world-abuse-leader, Deutsche Telekom
(who run dtag.de and t-dialin.net) for this being the situation.

They may think it's better for their bottom line to de-resource their
security and abuse departments, and better for their customers to let
them stay online while issues are resolved, but they remain oblivious
to the harm this policy is doing to the internet community as a whole.

| I've numerous customers I can think of straight away who use setups
| such as MS Exchange on dynamic addresses where they poll POP3 boxes
| and send their own SMTP!

The fact that it is impossible to readily distinguish between their
IPs and those of compromised boxes running Jeem etc, will mean that
those sites are already likely to be experiencing significant mail
rejection - and that will get worse, not better.  Unless there is a
turn-around soon in the attitude of backbones and other providers,
I can see a "registered SMTP senders only" policy being put in place
by the majority of sites by the end of 2004.  Or possibly sooner.

AOL's mail handling policy may be disappointing - but those of us who
have been hit by their other disappointing mail policy (of accepting
all undeliverable mail and then bouncing it to the (forged) sender),
may see this as actually improving the situation because it visibly
reduces the quantity of forged bounces *we* see originating from AOL!

-- 
Richard Cox

%% HELO - the first word of every Email transaction - is in Welsh! %%





