short Botnet list and Cashing in on DoS

James Baldwin jbaldwin at
Sun Oct 10 19:06:17 UTC 2004

Pardon for my possibly ill informed interjection. I was under the 
impression that the current wind was blowing towards filtering outbound 
port 25 traffic while allowing outbound authenticated port 587 traffic? 
The though being that while this was not a FUSSP, it help to prevent 
unauthenticated "direct to mx" abuses.

On 10 Oct 2004, at 03:24, Mark Andrews wrote:
> In the US there is even more insentive to bypass the ISP's servers.  
> Look are the way they have interpreted the wire tap laws.

This would allow customers to access remote mail servers to avoid ISPs 
who agree with the (mis)interpretation of the wire tap laws.

On 9 Oct 2004, at 23:40, Alexei Roudnev wrote:
> Because I am running my own SMTP server @ FreeBSD, for example. It is 
> MY concern, not ISP concern.

Customers (mis)use of their connection is always the ISPs concern. If 
you are paying a premium for a Pure Pipe (tm), then yes, the way your 
server functions is your concern, however, since your actions directly 
influence how other networks accept or deny mail from your ISP as a 
whole it is very much their concern how you use your connection.

On 9 Oct 2004, at 15:45, Paul Vixie wrote:
> blocking port 25 will make legitimate smtp permanently hard to use, 
> while making non-
> legitimate smtp temporarily hard to use.

I disagree, it will temporarily cause many, many people to have broken 
implementations and temporarily increase load tremendously on call 
centers. Working for an ISP that does port 25 filtering has not 
negatively impacted our users ability to use SMTP in any permanent 

I don't under estimate the ability of software vendors and ISPs to roll 
out new requirements for SMTP to customers in a relatively painless 
fashion. Our ISP is currently making the transition from SMTP to 
Authenticated SMTP (we will be discontinuing the former) and I would 
see implementing port 25 blocking in much the same light with regards 
to implementation cost and the increased difficulty of using SMTP 

I agree that BCP 38 should be implemented. I agree that BCP 38 will 
have a greater affect on network abuse than port 25 filtering. They 
both have their place and address to partially overlapping groups of 
abuse imho.

More information about the NANOG mailing list