[RndTbl] blocklists (was: Grey-listing in effect on MUUG server)

Tim Lavoie tim at fractaldragon.net
Fri Nov 17 14:26:36 CST 2006


There are a couple of steps which ISPs can do to minimize spam, and
therefore the effects of the related blocking on their users. I'll use
MTS as an example, mainly since I'm familiar with them as a
customer. They seem to be pretty proactive, which happens to be
something I like.

First line of defense: offer software to at least try to block
infections and other mischief. In this case, it's ZoneAlarm Suite,
with firewall, anti-virus, anti-spyware and all the
goodies. Restricting traffic in, out and what programs can run is an
excellent first step. Sure, some folks won't install it, or will check
"OK" every time they're prompted, but it will reduce the flow of
malicious traffic within the ISP's own network.

Second defense: Outbound SMTP has to go through their server, not
direct from random, unpatched Windows boxes which are always
on-line. Malware has started looking for these settings and using them
as well, but it's a choke-point which allows for filtering at the
protocol level. If they decide to do so, it also makes it easier to
detect and cut access to infected systems to protect other
customers. This would also cover email sent by way of web forms and
the like.

Third defense: There is some in-bound filtering, though I don't use
that email account, so I can't attest to its effectiveness.

The end result of this multi-level defense is that an entire ISP has
reduced the chance that its IP range is going to be clobbered by
blocklists. 

Good for the customer, good for the company. As a customer, I can be
reasonably assured that my out-bound email won't be blocked, or if
something happens, won't stay blocked for long. I'm sure other
companies do the same, but obviously many don't.

          Tim
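
The following is an added example, not part of Tim's post and not a description of what MTS runs: a sketch of how a relay operator could use the outbound SMTP choke-point from the "Second defense" paragraph to spot likely infected customer machines. The log format, thresholds and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical, simplified relay log format (an assumption, not a real MTA's):
#   <ISO timestamp> client=<customer IP> from=<sender> to=<recipient>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)

# Constructed sample: one ordinary customer, one host sending a burst
# with a different envelope sender on every message.
SAMPLE_LOG = "\n".join(
    [
        "2006-11-17T14:00:01 client=192.0.2.10 from=<alice@example.net> to=<bob@example.org>",
        "2006-11-17T14:05:30 client=192.0.2.10 from=<alice@example.net> to=<carol@example.org>",
    ]
    + [
        f"2006-11-17T14:10:{2 * i:02d} client=192.0.2.77 "
        f"from=<user{i}@example.com> to=<rcpt{i}@example.org>"
        for i in range(8)
    ]
)

def flag_suspect_clients(log_text, window=timedelta(minutes=1),
                         max_msgs=5, max_senders=3):
    """Return {client_ip: reason} for clients that exceed either
    threshold inside any sliding window of the given length."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, sender)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["sender"].lower()))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        senders = {s for _, s in q}
        if len(q) > max_msgs:
            flagged.setdefault(m["ip"], f"{len(q)} messages within {window}")
        elif len(senders) > max_senders:
            flagged.setdefault(
                m["ip"], f"{len(senders)} envelope senders within {window}")
    return flagged

if __name__ == "__main__":
    for ip, reason in flag_suspect_clients(SAMPLE_LOG).items():
        print(ip, reason)
```
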

