
I work at an ISP, and this is absolutely true. Sometimes our mail servers get hammered, and we need to modify our blacklist to include servers, netblocks, and/or entire countries(!) at a time. In order to know what to block, we need to be able to know who is emailing whom. Sometimes, it's one of our customers, and we can call them up and tell them their box is owned. This kind of intrusive access is only used for maintenance, and without it we literally couldn't keep the mail servers online.

If the traffic is terminating on your own servers you in no way need deep packet inspection to determine the source of traffic and its nature. Even if the traffic wasn't terminating on your machines, you don't need DPI to determine src and dst ip:port tuples, which is all you need to do what you're suggesting.

My comment isn't about DPI specifically, but a whole range of intrusive monitoring policies at ISPs. In order to determine the originator of an email, you have to read (at least) the email headers. The IP address of the last hop is not that useful in routing email.
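
The point in the last comment, that the connecting IP alone says little about where mail originated while the headers say more, shown as an added example that is not part of the original thread. The messages, hostnames and addresses are constructed (documentation IP ranges), and `sample`, `hop_ips` and `tally` are hypothetical helper names.

```python
import re
from collections import Counter
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(origin_ip, subject):
    """Build a constructed message that reached us through one shared relay."""
    return (
        "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
        "\tby mx.isp.example with ESMTP; Mon, 1 Jan 2018 10:00:00 +0000\n"
        f"Received: from client (unknown [{origin_ip}])\n"
        "\tby relay.example.net with ESMTP; Mon, 1 Jan 2018 09:59:58 +0000\n"
        f"From: sender@example.org\nSubject: {subject}\n\nbody\n"
    )

# Constructed sample input: three messages, all delivered by the same relay.
SAMPLES = [
    sample("198.51.100.7", "one"),
    sample("198.51.100.7", "two"),
    sample("203.0.113.44", "three"),
]

def hop_ips(raw):
    """Return the bracketed IP of each Received header, newest hop first."""
    msg = message_from_string(raw)
    ips = []
    for header in msg.get_all("Received", []):
        match = IP_RE.search(header)
        if match:
            ips.append(match.group(1))
    return ips

def tally(messages):
    """Count messages by last hop (what the TCP peer shows) and by earliest hop."""
    last_hop, origin = Counter(), Counter()
    for raw in messages:
        ips = hop_ips(raw)
        if not ips:
            continue
        last_hop[ips[0]] += 1   # header added by our own server: the connecting peer
        # Earliest recorded hop. Headers added before our own server can be
        # forged by the sender, so treat this as a lead, not as proof.
        origin[ips[-1]] += 1
    return last_hop, origin

if __name__ == "__main__":
    last_hop, origin = tally(SAMPLES)
    print("by last hop:", dict(last_hop))
    print("by earliest hop:", dict(origin))
```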
