[brlug-general] Google mail - aps etc... WAS Cox blocking email with numerical IP addresses.
Scott Harney
scotth at scottharney.com
Tue Jan 29 17:15:53 CST 2008
willhill wrote:
> I don't see it that way. What I see is spammers knowing how to use Gmail
> quicker than I did and applying the same to their botnet. If my client can
> do it, theirs can too and you are right back to where you started when you
> blocked port 22. Concentrating email concentrates the problems beyond the
> capacity of any team. You and I sacrifice a service but the spam goes on
> anyway.
>
Yes. But just like Cox, google employs outgoing spam filters. And it
prevents you from doing things like sending to 500 people in a single
BCC line from a single message. And it prevents you from sending a
certain number of messages per day. And by forcing you to authenticate
for each message, it can easily shut down a compromised account. I
suspect they also check headers and bodies against a heuristic spam and
virii checker as well; if your message "hits" against so many rules,
your message is filtered (ala spamassassin)
So yes, email providers filter their outgoing mail because they don't
want to end up on everyone else's incoming blacklist for forwarding spam
and virii. And they don't want to deal with the bandwidth expense
either. Or the user complaints. Economically, it is cheaper for them to
deploy automated filtering and authentication technologies to prevent
spam and virii from entering or leaving their own mail servers than it
is to deal with the above issues.
These issues are well known and well understood. A good place to start
reading about them is by reading up on the Sender Policy Framework
(www.openspf.org) and the debate surrounding it and other bolt-on and
replacement authentication methods for SMTP. Another good google search
would be "open mail relay".
Many believe that the only way to truly solve this problem
technologically requires replacing SMTP. SPF and similar technologies
(yahoo had one I forget the name of) are attempts to augment SMTP to
prevent forgery -- something SMTP alone was never designed to do.
So if you don't trust Cox or Google or anyone else to handle your mail,
you will have to spend real $ building and managing a mail server. And
you really will have to control the mail being sent out by your server
or no one will accept incoming mail from it.
More information about the General
mailing list