The FTC vs. The Zombies
from the when's-the-sequel-coming-out? dept
Apparently the various attempts by broadband ISPs to cut down on “zombie machines” sending out spam isn’t cutting it with the FTC and regulators in 35 other countries. They’re teaming up in an effort to slay zombies around the world, which certainly sounds like the premise for a schlock horror film. As with those films, the zombies are likely to keep popping up, and it’s likely there will be plenty of time for more than a few sequels. We eagerly await The FTC vs. The Zombies, Part IX: This Time, It’s Port 25.
Comments on “The FTC vs. The Zombies”
Private Mail Servers
The main thrust of this campaign from what I’ve read seems to get ISP’s to block private mail servers: If you aren’t an ISP, you don’t get to have a mail server. I expect governments all over the world to sign up to this idea as it will make it vastly easier to monitor e-mail traffic.
Not that unreasonable
Lots of sensational, reactionary articles about this topic already today. But they all have left out some of the key things the FTC page actually says, like: “Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.”
It is clear that FTC’s suggestion relates to end-user ISPs, not ISP offerings for connecting large corporate/government networks to the ‘net.
Individuals and small companies who have the technical expertise and need to bypass their ISP’s SMTP server ought to be able to adapt to reasonable ISP accomodations: The port 587 idea above, only opening port 25 upon request, etc.
There are already workarounds today for ISPs that block port 25, because plenty of ISPs already do. My ISP’s mail servers are crap, so for years I’ve used a Usenet/mail third-party provider that costs $6 a month. They have more basic accounts for $30 a year. I can send mail through them using “receive before send” authentication on a non-standard port as much as I want, and because they are very careful with their mail server operation my outgoing mail is less likely to be flagged as spam.
The German political spam fiasco last week was another good example that something needs to be done, and the solution has to be a technical one. As solutions go, what the FTC is proposing seems balanced. It _may_ contribute to some ISPs deciding to implement something very unreasonable, but some ISPs already do that and competition remains the best way to sort that out.
Re: Not that unreasonable
Unfortunately, there are many cases where it is not possible or practical to use port 587 instead of 25(see RFC 2476). This is why ISP’s themselves generally use port 25 and the FTC only suggests “explore implementing Authenticated SMTP on port 587”. And once ISP’s decide to block a port as a matter of policy very few are willing to unblock it upon request.
As to competition sorting it out, that’s why the FTC wants to pressure all ISP’s to block so there will be none that don’t. Of course, it’s not like there is much real broadband competition in the US anyway.