ingress SMTP

Nicholas Suan nsuan at nonexiste.net
Wed Sep 3 11:58:53 CDT 2008


On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:

> On Wed, Sep 03, 2008 at 09:40:20AM -0700, Michael Thomas wrote:
>>> "Allowing unfiltered public access to port 25 is one of the things  
>>> that
>>> increases everyone's spam load, and your ISP is trying to be a Good
>>> Neighbor in blocking access to anyone's servers but their own;  
>>> many ISPs
>>> are moving towards this safer configuration. We're a good  
>>> neighbor, as
>>> well, and support Mail Submission Protocol on port 587, and here's  
>>> how
>>> you set it up -- and it will work from pretty much anywhere  
>>> forever."
>>
>> I think this all vastly underrates the agility of the bad guys. So  
>> lots of
>> ISP's have blocked port 25. Has it made any appreciable difference?
>> Not that I can tell. If you block port 25, they'll just use another  
>> port and
>> a relay if necessary.
>
> You're forgetting that 587 *is authenticated, always*.
>

I'm not sure how that makes much of a difference since the usual spam  
vector is malware that has  (almost) complete control of the machine  
in the first place.




More information about the NANOG mailing list