Best of the ISP-Lists

MSN Cuts Off Spam and Others

Now that the Microsoft Network (MSN) and Hotmail have yielded to pressure from the Realtime Blackhole List (RBL) to probit e-mail relay, members of the ISP-Webhosting list find some clients cannot access their accounts.

[April 16, 2001]

On the ISP-Tech list in April, KM warned,

"When a hosting client of mine discovered they could no longer send email, I spent half an hour trying to troubleshoot the problem until they referred me to this URL. It seems MSN will no longer let you send email from other accounts. Any comments?"

A number of respondents leapt forward in MSN's defense:

[PC observed] "MSN is doing what I set up on our network about two years ago. At our gateway router, we block port 25 traffic initiated by IP addresses in use on our dialup pool. Dialups must relay their mail through our SMTP server. The effect is that spammers who buy our accounts cannot use direct delivery, and companies can't hide servers behind a dialup proxy or NAT system.

We provide dialup access for a particular class of use. If you want corporate access, pay for corporate access, and don't try to defraud us or use us to send spam. If a customer wants to use multiple dialup providers, he should have dialup profiles that allow use of different SMTP servers. An interesting side effect is that none of our customers are able to propagate the Hybris worm to anyone but our own customers."

[KM added] "This is a good thing. It should have a beneficial effect in reducing the relay spam originating from dialup users. I always advise hosting clients to use the SMTP server of the provider they get access through, because my server will not relay their mail unless they have a static IP that I've specifically excepted."

[JT agreed] "I do the exact same thing. I'm surprised it took MSN this long to see the light."

Others contended that it'll just make life more difficult:

[RS noted] "It will be a big help to reduce spam, but a major pain for third party ISPs. If you were an MSN user and had your domain hosted by my company, you could not send email from your domain."

[JL agreed] "In which case, you've got a golden opportunity to get those customers of yours to ditch MSN and start using your own e-mail services, yes?"

[SB added] "Depending on your customer types, this isn't necessarily a good thing. Indeed, it can be a real pain.

For example: global roaming. We target mainly small and medium business users, notably those who roam. Roamers basically don't know which ISP they may be calling in a particular location. Their mail client software is therefore set to use our servers for sending mail, no matter where in the world they dial (we're using SMTP AUTH and so forth to avoid being an open relay).

If a roaming access ISP blocks outbound SMTP access from dial ports, visiting roaming users won't be able to communicate with their 'home' ISP to send mail."

[JB replied] "Run another SMTP AUTH MTA process on another port, like port 26. Outlook allows you to set which port to connect to for SMTP."

[SS added] "RFC 2476 actually allows for a Message Submission protocol to be running on port 587. It's SMTP, but the RFC says that port 587 connections must be authenticated, so you know you won't be relaying for people who aren't your customers and aren't authorized to relay through you. Blindly relaying for anyone is not good. Relaying for your own customers, of course, is fine."

—End