[e2e] Fwd: Camel's nose in the tent

J. Noel Chiappa jnc at ginger.lcs.mit.edu
Fri Aug 10 09:57:25 PDT 2001 

    > From: Vernon Schryver <vjs at calcite.rhyolite.com>

    >> From: "David P. Reed" <dpreed at reed.com>

    >> Verizon DSL has instituted recently an official policy of blocking all
    >> email that a user sends that does not have a line in the header that
    >> says it is sent from verizon.net or bellatlantic.net. This is
    >> apparently because they want to "stop spam"

    > Does that policy apply to all SMTP traffic or only to SMTP sessions
    > with Verizon DSL SMTP relays or servers? 

I expect it applies to email generated by people on Verizon DSL links, and
sent to Verizon relaying SMTP servers (presumably for transmission outbound).
I assume they're doing this to make sure that all email has a "valid" return
address.

However, the simplistic version of this algorithm is totally lame, since
there's nothing to stop someone from just using "From:
hahayoucantfindme at verizon.net". Checking for a valid Verizon customer name is
even worse, since the people will simply mine the net for valid Verizon
names, and use them instead, so the angry email about spam will go to real
Verizon customers.

About the only thing that would work is to have a list of which source names
a given customer/line is allowed to use - and if you're going to that length,
you might as well allow the customer to use "foo at my_personal_domain.whatever".


Most ISP's already look at the source of connections to their relaying SMTP
servers, and only allow connections from people attached to their
infrastructure - this was also put into place to stop spam, from people
looking for open relays. So it's not hard to add additional checks, of the
kind above, to outbound mail from customers.

This algorithm is actually annoying in some cases, e.g. if you have accounts
with ISP1 and ISP2, then depending on which one you're dialed into, with many
email packages you have to change your email configuration. I.e. if you're
dialed into ISP2, you can't use ISP1's SMTP server for your outgoing email,
so you have to go in and change your outbound SMTP server.

However, given the alternative (open relays), this is a reasonable price to
pay...

	Noel

More information about the end2end-interest mailing list