email spoofing

[Res]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Wed, 13 Jun 2007, Alex Neuman wrote:

>> I will always allow all of our IP ranges for relay on the cust-out-smtp's 
>> as there is nothing at all wrong with doing so, so long as you don't add in 
>> IP ranges that aren't your own, and since no network competently setup 
>> routes RFC1918 addresses, its moot point.
>> 
>> 
> The F point, to use your own terms, is to avoid (read: make it more difficult 
> to happen) spam zombies spewing stuff out of your network and getting you 
> blacklisted. Most spam zombies will not authenticate - therefore, the e-mail 
> won't leave your network. This, combined with a firewall policy that only 
> allows port 25 traffic on your own servers can mitigate a spam zombie problem 
> before it begins.

How many IP ranges are you responsible for? certainly not a major network.
Blocking outgoing 25 is also not an acceptable choice in this part of the 
world, unless all major carriers do it, which wont happen because the 
moment some do the others use that as a customer sales point.

We have very little outgoing spam issues, (I say very little because to 
say we have none, would be very nieve, everybody has it, no mater how good 
our networks are with inplace ACL's policies etc).

We had far more when we used smtp auth. If a customer gets their IP 
blacklisted, so be it, better that then our cust out servers RBL'd 
affecting countless thousands.


-- 
Cheers
Res
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGcNtJsWhAmSIQh7MRAtQEAKCm695OD4KatqsatJtS/iu7OF6uCwCfWwda
+lYr2Z66rEMGSZQfRClbKzg=
=LRm/
-----END PGP SIGNATURE-----