Archived from groups: alt.internet.wireless (
More info?)
"gary" <pleasenospam@sbcglobal.net> wrote in message news:<pU_Ec.9778$Rj6.5138@newssvr22.news.prodigy.com>...
[CHOMP]
> This analogy is flawed, because you are generally supported by an email
> server belonging to the ISP with whom you have a contract. The ISP in turn
> has contracts with other providers for internet backhaul. Any intermediate
> servers that process your IP transactions are ultimately paid for by you, in
> your monthly fee - and they are all legitimately accessed under a whole
> chain of interlocking contracts, stretching back to you. If you have web
> email, the website owner is paying for commercial backhaul, and has a
> contractual right to put up a website that says, "use my email, please". In
> this case, the contractual chain probably stops with the website owner, who
> has an explicit contract right to allow you access to email service.
I don't see how my contractual agreement with my ISP creates a granting of
permission between myself and a third party who has a mail server, unless
my ISP has a specific agreement with that third party (e.g. Verizon and MSN).
> And yes, you also need explicit permission. Your contract with the ISP gives
> it. You cannot reach any server owned by your ISP without the IP address. In
> reality, most of the addresses are well-known, but if a nonsubscriber asks,
> companies like Timer Warner will not usually give out these addresses. Most
> ISP servers disable email relay so that you cannot originate email on their
> servers from outside their subnet. You can retrieve it, but if you're not a
> subscriber, there's nothing to retrieve.
And turning off email relaying is the same as turning on WEP or MAC
filtering (probably more akin to the latter than the former); it's a
machine-readable way of saying, "No, you don't have permission to use
this service." For what it's worth, Time-Warner does give out these
addresses...go to http://www.help.rr.com/, go through the "select
your area" prompt, skip the email customization, and there's a prominient
link to "Server Addresses", revealing that the SMTP server has a DNS name
of smtp-server.sw.rr.com, which resolves to 24.93.40.21. In many cases,
those outgoing mail servers will also be listed as MX records in the ISP's
DNS, so it's quite possible to find many of them without even visiting
support webpages and such.
I would assert that, particularly if an outgoing mail server is listed as an
MX server, that connecting to it and attempting to send mail is
implicitly granted by the simple fact that TCP port 25 is accepting
connections. If I was running an ISP and had my own outgoing mail
servers, it would be completely reasonable for me to look up the
MX records for a domain and connect to port 25 of that domain's
mail server without first contacting the other ISP and getting explicit
permission to do so. The act of connecting the server to the
Internet with port 25 open and the server address broadcast either
via webpage or via MX records seems to be more than sufficient
of an invitation to connect to that server for the purpose of sending
legit email. If that server then accepts the mail for delivery (either
as the destination MX or as a relay), then it has indicated by a
technical means that the user has permission to send email.
More generally, we have an established standard (per IANA assigned
ports, SMTP RFCs, and DNS RFCs) to let computers find available
services without direct human interaction (particularly, no specific
request or explicit permission granted by one human to another).
Those standards also provide specific technical means to deny
permission (block port 25, by IP range if desired, and reject mail
from sources deemed to be undesirable, for example).
To me, that seems rather similar to the situation with WiFi--we have
established standards for providing notice of an available wireless
network (broadcasting SSID, possibly in addition to signs or whatnot
if desired), and established standards for limiting access (WEP, MAC
filtering, and/or captive gateways that allow unknown clients to associate
with the network but not to get anywhere).
The obvious difference I do see between SMTP and WiFi is that it's
much harder to walk into {your favorite big box store here}, buy
a piece of hardware, go home, and plug it in to establish a
publicly-accessible service (particularly with MX records).
If your primary goal is then to avoid "stealing a network", the
most correct course of action would probably be to investigate
further before using a network for which you have only implicit
permission (in the form of the broadcast SSID, no MAC filtering,
and no WEP). However, the "reasonable person" standard would
suggest that just using an available network is generally legal
(on the assumption that most people, who are not particularly
informed about the details of 802.11 and who do not want to
be informed about the details of 802.11, would respond to
an available network connection by either thinking, "cool,
I have a connection" or just assuming that it was one they had
permission to use (possibly even thinking that it was one they
had used elsewhere, based on my experience trying to
explain the difference between cell-based data service and
802.11b to non-technical folks)).
[CHOMP--convoluted open-door of house analogy]
> As for the commercial example, the only question left is, does the owner
> have the right? Well, if the cable company agrees to hook up cable in a
> bar - and I guarantee they know it's a bar, even if they don't roll a
> truck - I think that can be construed as permission. In fact, I would guess
> that businesses with TVs in public areas have some kind of commercial
> agreement that explicitly allows it. Even if they don't, the cable company
> clearly has knowledge and allows it, which is permission.
Unless the final user has a specific reason to think that the
provider does not have the right to share some service with them,
would the legitimacy of their use ever depend on the agreement
between two other parties? If they don't have a third-party responsibility
of some sort, any AUP agreed to by the party providing the WiFi access
(or the mail server access, in the analogy earlier) does not apply to
the final user, although the final user's violation of it could quite
reasonably be an actionable breach of contract on the part of the
ISP's customer (who is providing the access).