Comcast and SORBS

[mailings02 at ttlexceeded.com (Bob George)]

Rich Braun wrote:

> [...] We're getting a bit off-topic from the Linux group if I reply 
> to this in detail; my personal interest in posting here is to seek 
> Linux-specific tools and services to continue running a private email
>  server given ever-increasing restrictions.

Do your Terms of Service with your ISP allow such servers?

 From what you've written, nobody is preventing from running your private
email server. However, others running their own servers have elected not
to accept email from servers running off of dynamic IP ranges.
Lamentable as that is, *dealing with it* is definitely on-topic.

> But I do feel compelled to respond to the above point:  even if every
>  large ISP based in America and the major countries that share 
> American intellectual-property corporate values were to implement 
> blocks on SMTP port 25, the impact on spam would be *negligible*.  I 
> get about 10,000 spams per month.  Only a very small percentage is 
> from servers based here in America, and I'd probably have to search 
> long and hard for any sent out using a cable modem.

In your analysis, what percentage *are* originating from US-based
servers? Looking at my own (small personal) mail patterns, I get
significant numbers of messages that are flagged by spamassassin and
various RBLs as originating from dynamic IP ranges. (These are obviously
originating from ISPs that DO NOT block port 25.) A quick skim of the
headers makes me think that the bulk ARE originating from within the USA
(though admittedly I haven't done a detailed analysis.)

> I just flat-out disagree with your assertion that Comcast should 
> block outbound port 25 in the interest of spam reduction.

It sounds like Comcast is ideal for you then!

> [...] I used to run major operations at two different ISPs.  If I 
> ever said anything like the above in a forum visible to customers, 
> there would have been serious consequences.

Don't your ToS imply as much today?

> As for the public-policy implications of the above, suffice it to say
>  that I'm a card-carrying member of the ACLU and that I believe the 
> public does have an ownership interest in the utility rights-of-way 
> and/or broadcast spectrum that delivers Internet service to/from our 
> homes.  ISPs do not provide me with their service using "private 
> property".

How do you feel about spam? Do you feel that it constitutes freedom of
speech? Do you feel that others should be compelled to receive your
messages (spam or not)? Not to be antagonistic. I've simply run into a
few folks who genuinely feel that such is their right.

It's interesting enough to argue the pros and cons of blocking outbound
SMTP from residential subscribers, but I don't expect to change
anybody's mind if they already have strong opinions.

Here's the problem as I see it:

1. I want to have the flexibility of operating a server that I control
for a variety of reasons, including privacy concerns. I would like the
ability to avoid having my messages stored by an ISPs mail servers. I
would like to have control over how inbound messages are accepted. (OK,
I'm being a bit contradictory here admittedly.)

2. Residential broadband has been heavily abused, and (deservedly or
not), mail sent from such sources has been flagged as potential spam by
many sources. Presumably, much thought has gone into this, and whether I
like it or not, it *is* the reality.

3. Mail from "approved" servers is largely exempted, or at least not
subject to the taint of being "sent from residential address." Anonymous
open relay addresses are as likely to be flagged as spam sources as my own.

4. While I know WHAT to do about the problem, I'm not quite willing or
able to spend a lot each month to address the issue.

Given all that, if a group such as BLU were to establish a
group-maintained server that strives to meet the privacy and control
desires of the users, *while still maintaining a strict policy of
adherence to polite and respectful usage*, might that service stand as
good a chance of avoiding RBLs as any other? Might a "LUG-bonded sender"
program help attest to the "non-spamminess" of messages sent through it?

While it wouldn't be immune to the potential for government abuse, it
presumably would be watched over by a community of rabid privacy
advocates who would at least be guaranteed to put up more of a fight
than any faceless ISP. Policies governing appropriate use would be dealt
with by the community rather than any outside entity. Requirements for
signed PGP keys etc. might be useful, and I'm sure there are other
better ideas. An outbound SMTP proxy that requires user authentication
(thus accountability) perhaps?

- Bob