<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.18.3">
</HEAD>
<BODY>
On Thu, 2010-08-19 at 14:44 +1000, Stephen Gillies wrote:<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
Port 25 outgoing connections, block or not?
===========================================
It is common practice for Australian ISPs to block outgoing port 25
</PRE>
</BLOCKQUOTE>
<BR>
Negative, it is not common practice, the ones that do, are in the vast minority.<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
The methodology supporting the blocking of port 25 is to limit the
ability for subscriber PCs infected with malware to send SPAM.
</PRE>
</BLOCKQUOTE>
<BR>
Agreed.<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
Upholding this view, the Internet Industry Association of Australia
(iia.net.au) provides the following Best Practice statement:
"Where technically and commercially viable, operators of equipment (such
as LNS or RAS hosts) which terminates user sessions with dynamically
allocated addresses MUST cause such sessions' outgoing connections to
be dropped where they are attempting to contact a remote host on TCP
port 25."
</PRE>
</BLOCKQUOTE>
<BR>
it's like BCP 38, but not many adhere to it either, BCP's are not standards, so they shouldn't be emphasizing "MUST".<BR>
<BR>
To enforce no 25 out, means having a clued helpdesk, and one that's willing to spend time hand holding clueless users on setting it up, it's just too much hassle for the big guys, and understandably so.<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
Internationally, the implementation of SMTP submission TCP port 587 is
widespread, and many blacklist maintainers suggest ISPs use SMTP
submission(1).
</PRE>
</BLOCKQUOTE>
Agreed.<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
A request to all Australian ISPs
================================
I'd like to suggest the implementation of RFC2476 across all Australian
broadband networks so as to provide end user subscribers the option of
using SMTP submission via TCP port 587.
</PRE>
</BLOCKQUOTE>
<BR>
What's with broadband networks? I believe it should be /every network/ regardless of size or nature of business (be it TPG, or some country town local IT shop offering 6 dialup lines), many here recall 15 or so years ago when most people only had a brand spankin new super duper speedy fast 14k dialup modem, and the havoc that was able to be wreaked with that.<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
Google and Yahoo! have recognised this benefit, and provide
authenticated outgoing submission on TCP port 587 as their standard
email configurations(3).
</PRE>
</BLOCKQUOTE>
<PRE>
</PRE>
yeah, and look at the crud they emit, that's almost justification not to use it <IMG SRC="cid:1282198129.10113.15.camel@tardis" ALIGN="middle" ALT=":)" BORDER="0"><BR>
<BR>
<BR>
</BODY>
</HTML>