[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Outgoing SMTP Servers

----- Original Message -----
> From: "William Herrin" <bill at herrin.us>

> Interesting. I want to abstract and restate what I think you just said
> and ask you to correct my understanding:
> 
> Making a service accessible to the public via the Internet implicitly
> grants some basic permission to that public to make use of the
> service, permission which can not be revoked solely by saying so.

That's correct; did you think it wasn't?

The offer is *in the presence of a standard service on a standard port*; if I 
put a SMTP receiver on tcp/25, you are, yes, implicitly permitted to try to 
use it to send me email.

There *is no place* to put "saying permission is revoked", so where 
would someone look, even if their daemon wanted to look.

> If that's the case, what is the common denominator? What is the
> standard of permission automatically granted by placing an email
> server on the internet, from which a particular operator may grant
> more permission but may not reasonably grant less? Put another way,
> what's the whitelist of activities for which we generally expect our
> vendor to ignore complaints, what's the blacklist of activities for
> which a vendor who fails to adequately redress complaints is
> misbehaving and what's left in the gray zone where behavior might be
> abusive but is not automatically so?

If there are specific things you want people not to do, *make it impossible
for them to do those things* (ssh authentication, for example).

Above that, I suppose that rate limiting failures is expected of a connecting
client...

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274