Re: SMTP authentication for broadband providers

[Daniel Senie]

At 03:13 PM 2/11/2004, Sean Donelan wrote:

> On Wed, 11 Feb 2004 Valdis.Kletnieks@vt.edu wrote:
> > On Wed, 11 Feb 2004 11:15:20 PST, Dave Crocker said:
> > > what about port 25 blocking that is now done by many access providers?
> > > this makes it impossible for mobile users, coming from those providers,
> > > to access your server and do the auth.
> >
> > Port 587.
> >
>
> So is it time for ISPs to start blocking port 587 too?
Why, to restrain trade? To forbid people from using AUTHENTICATED services 
of their mail provider of choice? Why shouldn't users be able to hire an 
Email service provider who might have a LOT more clue about how to run 
email services than the broadband vendor they happen to buy a circuit through?

Please read the RFC 2476, the Standards Track document on the Submission 
protocol. Read especially section 3.3. While reading the document you will 
notice that at the time it did not require authentication (it's a MAY) but 
I think you'd find most deployment of Submission does use authentication of 
one sort or another.


> If the complaints are going back to the IP address anwyay, why shouldn't
> an ISP force it subscribers to go through the ISPs mail servers so it can
> control any messages sent by its subscribers?
Are the complaints going back to the ISP? Or are they going to the email 
services provider who authenticated the user? (read the headers on emails 
and you'll see there is a notation regarding the authentication).

People spent the time and effort to build a solution to the issue of port 
25 being largely open and unauthenticated. That solution is the SUBMISSION 
protocol. Many companies heavily use this mechanism to offer premium 
services to end users.