On Oct 31, 2011, at 1:30 PM, "Jack Bates" <jba...@brightok.net> wrote:

>
>
> On 10/31/2011 11:48 AM, Michael Thomas wrote:
>> I've often wondered the same thing as to what the resistance to outbound
>> filtering is. I can think of a few possibilities:
>>
>> 1) cost of filtering
>> 2) false positives
>> 3) really _not_ wanting to know about abuse
>
> On the other hand, you have
>
> 1) cost of tracking
> 2) support costs handling infections
>
> It's really a range from "easiest and cost effective" to "doing it right". I
> personally run hybrid. There are areas that are near impossible to track;
> this is especially true for wide area wireless/cellular/NAT areas. I always
> recommend my customers block tcp/25, even to the local smarthosts. Use 587
> and authentication to support better tracking. It's a hack, though, as it
> doesn't stop other abuses and it won't fix the underlying root cause.

Let me know when you can "fix" the root causes. The two I know of:

1. Bad actors
2. Clueless users

>
> In locations that support ease of tracking, using a mixture of feedback loops
> with proper support is usually the proper way. This allows notification and
> fixing of the root cause. In our case, we recommend quick suspensions to
> demonstrate to the customer how seriously we take the problem, and then we point
> out that the sending of spam/scanning is only the easier to detect symptoms.
> It is unlikely we'll notice if they have a keylogger as well.

Still not the real root cause, but close. ;)

Largely in agreement otherwise.

- Brian