Block everyone’s email?
A few days ago, we did the unthinkable (at least unthinkable for Pakistan). We (as in Dancom’s network operations team) blocked all the outgoing email of our customers and not just for a limited time period. This is permanent. If that sounds extreme, then it was, but this is where things are headed, judging by the current state of email and we’re probably the first to implement something like this in Pakistan.
Lately, there has been an explosive increase in spam (or unsolicited email) and this is causing problems not just for those on the receiving end of things. Gone are the days when we had to explain to customers sending out bulk marketing emails that this was a bad practice and not business as usual. Or convince those running open relays to fix their servers. These days, spammers employ hundreds or thousands of infected user systems to do their bidding, usually without the user knowing there is anything wrong apart from the hefty bandwidth bill and the subsequent blocking of all their outgoing email.
Pakistan is already notorious for being a source of spam and the long term effects of letting this continue would be devastating. Services such as Spamcop regularly list our customers’ IP addresses and the abuse reports sent to us are becoming too numerous to act upon in an effective manner. With limited IP pools, this poses a threat of rendering whole blocks of them as blacklisted and the possibility (remote as it may be) of one day having the whole country’s email traffic blocked by the rest of the world due to the overwhelming spam.
A brief description of what we have done can be found on this excellent Wikipedia resource about anti-spam techniques and the Beeb published a couple of articles some time back on the surge in the number of hijacked systems and malicious code rise driven by web. Most of the users we encounter, however, do not understand any of these and fight tooth and nail to put the blame on the vendor or service provider instead of managing their own security properly.
So if we are blocking everyone’s outgoing email, do we expect customers to stick to using Yahoo and Gmail? No, they set our state-of-the-art SMTP server, with some excellent anti-spam features, as their outgoing server. Seems simple enough, but the main problem arises when people just refuse to change their settings or are running their own mail server, yet lack the knowledge of configuring it properly. Something that I am getting tired of hearing is exempt me from this change or I’ll switch to another service provider. We can off course make the exemption, especially for corporate customers, though we also have to make it clear to them that they themselves are responsible for their own IP address or pool of addresses.
Internet Service Providers
This brings me to my rant about ISPs in Pakistan. Policies, like the one above, happen to be common in a number of European and East Asian countries where best practices generally take precedence over temporarily pleasing the customer. Unfortunately, in this country, customers are usually ignorant of anything that contains even a slight touch of technicality, yet hate to admit that they don’t know something and that it is best to trust in the judgement of the experts. Then there is a lack of real collaboration and cooperation between ISPs which causes some serious issues.
While in other places, large service providers form consortiums to have their demands met and to agree upon policies and standards, here they are divided and weak. Despite a potential customer base of at least tens of millions of users, we are forced to stick to low speed packages that charge by the Megabyte and are only within reach of a tiny percentage of the population. The customer and our upstream provider have the say in everything and there is little that the ISP can do about it.
If we could join forces and make important decisions (like the one above) together, it would eradicate the common threat that customers give about switching to another ISP as well as increasing the integrity of Pakistan’s overall Internet infrastructure. Both the commercial and technological long-term benefits of this type of collaboration could be huge.
I have already talked to one technical head from another ISP with positive results and am planning on getting in touch with the others. At the minimum, we can start off with a mailing list to discuss these things and move forward from there. Tee Em? The rest? Hope to hear from you soon.