I've been blackholing NANOG mail for a while due to other things displacing the time I'd need to read it, so I might be a little out of touch on this, but I did grovel through some of the archives looking for any discussion on this before posting. Didn't find a really coherent answer yet.
What I'm trying to get a feel for is this: what proportion of edge customers have a genuine NEED to send direct SMTP traffic to TCP 25 at arbitrary destinations? I'm thinking mostly of cable-modem and DSL/fiber swamps, dialup pools [do they even exist anymore?], and other clouds basically containing end-users rather than the more "bidirectional" business-class customers.

The big providers -- comcast, verizon, RR, charter, bellsouth, etc -- seem to be some of the most significant sources of spam and malware attempts, mostly from compromised end-user machines, and it seems that simply denying *INGRESS* of TCP 25 traffic except to the given ISP's outbound relay servers would cut an awful lot of it off at the pass. Decent anti-header-spoofing configuration on said mailservers would take care of even more.

I realize this might be a total hot-button, but I'm not talking about filtering TOWARD customers, I'm talking about filtering FROM them, upstream -- possibly less often discussed. And only SMTP. Not censorship, just a simple technical policy that the vast majority of customers wouldn't even notice.

I've got a paper out about this that was put together quite a while ago, in fact:

http://www.usenix.org/publications/login/2005-10/openpdfs/hobbit.pdf

I can weigh the decision to trust a PTR lookup, but most of the big players seem to have their inverse DNS automated fairly well, which helps such little hacks work. But really, I'd like to see more done at the SOURCE of the problem, which should be as simple as two ACL lines dropped into some edge routers.

What is preventing this from being an operational no-brainer, including making a few exceptions for customers that prove they know how to lock down their own mail infrastructure? And why do the largest players seem to have the least clue about it?

_H*
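The "two ACL lines" policy the post describes, modelled as an added example (not the poster's code and not any ISP's configuration): for a residential customer pool, TCP/25 is permitted only toward the ISP's own outbound relays, exempted customers who have shown they run a locked-down mail setup keep direct delivery, and everything else on port 25 is dropped. The second function shows the detection side of the same idea: pool sources that attempt direct port-25 connections to many distinct non-relay hosts, the pattern of a compromised machine rather than a mail client. All addresses (RFC 5737 documentation ranges) and flow records are constructed assumptions for illustration.

```python
"""Egress TCP/25 policy for a residential customer pool, plus a simple
detector for hosts behaving like spambots.  Addresses and flows are
constructed for this example; nothing here comes from a real network."""
import ipaddress
from collections import defaultdict

# Assumed addressing (hypothetical, RFC 5737 documentation space).
CUSTOMER_POOLS = [ipaddress.ip_network("198.51.100.0/24")]
ISP_RELAYS = {
    ipaddress.ip_address("192.0.2.25"),
    ipaddress.ip_address("192.0.2.26"),
}
# Customers who have demonstrated they lock down their own mail servers.
EXEMPT_CUSTOMERS = {ipaddress.ip_address("198.51.100.200")}


def in_pool(addr):
    """True if the address belongs to one of the end-user pools."""
    return any(addr in net for net in CUSTOMER_POOLS)


def egress_decision(src, dst, proto, dport):
    """Decide one flow leaving the pool, mirroring two router ACL lines:
         permit tcp <pool> <relays> eq 25
         deny   tcp <pool> any      eq 25
    Anything that is not pool-sourced TCP/25 falls through to permit,
    so web, DNS, submission (587) and so on are untouched."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if proto != "tcp" or dport != 25 or not in_pool(src):
        return "permit"
    if dst in ISP_RELAYS or src in EXEMPT_CUSTOMERS:
        return "permit"
    return "deny"


# Constructed flow records: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.25", "tcp", 25),    # normal client -> ISP relay
    ("198.51.100.10", "203.0.113.5", "tcp", 443),  # unrelated HTTPS traffic
    ("198.51.100.200", "203.0.113.9", "tcp", 25),  # exempted customer, direct delivery
] + [
    # A host spraying direct SMTP at six different remote servers.
    ("198.51.100.77", f"203.0.113.{i}", "tcp", 25) for i in range(1, 7)
]


def apply_policy(flows):
    """Return (flow, decision) pairs for a list of flow records."""
    return [(flow, egress_decision(*flow)) for flow in flows]


def count_denied(flows):
    """Number of flows the policy would drop."""
    return sum(1 for _, decision in apply_policy(flows) if decision == "deny")


def suspected_compromised(flows, threshold=5):
    """Pool sources that tried direct TCP/25 to at least `threshold`
    distinct non-relay destinations; a list for the abuse desk, and a
    useful report even where the deny line is not yet deployed."""
    targets = defaultdict(set)
    for src, dst, proto, dport in flows:
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
        if proto == "tcp" and dport == 25 and in_pool(s) and d not in ISP_RELAYS:
            targets[s].add(d)
    return sorted(str(s) for s, dsts in targets.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for flow, decision in apply_policy(SAMPLE_FLOWS):
        print(f"{decision:6} {flow[0]:>15} -> {flow[1]:<13} {flow[2]}/{flow[3]}")
    print("denied:", count_denied(SAMPLE_FLOWS))
    print("suspected compromised:", suspected_compromised(SAMPLE_FLOWS))
```

The exemption set is the operational knob the post asks about: a customer who proves they run a properly configured server is added there, and nothing else changes. Note that the exempted customer's flows are deliberately still counted by the detector, so an exemption never hides a later compromise of that host.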