ISP port blocking practice

Justin Shore justin at
Fri Oct 23 22:43:32 UTC 2009

Dan White wrote:
> On 23/10/09 17:58 -0400, James R. Cutler wrote:
>> Blocking the well known port 25 does not block sending of mail. Or the
>> message content.
> It does block incoming SMTP traffic on that well known port.

Then the customer should have bought a class of service that permits 

>> I think the relevant neutrality principle is that traffic is not blocked
>> by content.
> My personal definition doesn't quite gel with that. You're deciding for the
> customer how they can use their connection, before you have any evidence of
> nefarious activity.

They decided for themselves when they bought a residential connection 
instead of a business circuit.  Just because someone bought themselves a 
Camry doesn't mean that Toyota is deciding for them that they can't haul 
1000lbs of concrete with it.  The customer did when they decided to buy 
a car and not a pickup.

> Would you consider restricting a customer's outgoing port 25 traffic to a
> specific mail server a step over the net neutrality line?

I do this all the time.  For example I don't let my customers send or 
receive mail (or any traffic for that matter) from prefixes originating 
from AS32311 (Colorado spammer Scott Richter).  Now if I was blocking 
mail to,,, etc or restricting Vonage to 
.05% of my bandwidth then yeah that would violate net neutrality 
principles.  The difference is one stifles speech and is 
anti-competitive.  The other mitigates a network security and stability 

I see this same argument on Slashdot all too often.  It's usually 
bundled with an argument against providers doing any sort of traffic 
aggregation ("if I buy 1.5Mbps then it should be a dedicated pipe 
straight to the Internet!")  Unfortunately that's simply not reality. 
You can either live with a small level of controls on your traffic for 
the sake of stability and security or you can have wide-open ISPs with 
no security prohibitions whatsoever.  The support costs for the ISPs go 
through the roof and of course that gets passed onto the customer.  Your 
5 9s SLA gets replaced with "use it while you can before it goes down 
again".  Everyone pays a penalty for having a digital Wild West.  Not to 
start another thread on a completely OT topic but the same concept can 
be applied to other things like health care.  Either everyone can pay a 
little bit for all to have good service or many average consumers can 
pay lots to make up the losses for those that can't pay at all.


More information about the NANOG mailing list