ISP port blocking practice
justin at justinshore.com
Fri Oct 23 22:43:32 UTC 2009
Dan White wrote:
> On 23/10/09 17:58 -0400, James R. Cutler wrote:
>> Blocking the well known port 25 does not block sending of mail. Or the
>> message content.
> It does block incoming SMTP traffic on that well known port.
Then the customer should have bought a class of service that permits
>> I think the relevant neutrality principle is that traffic is not blocked
>> by content.
> My personal definition doesn't quite gel with that. You're deciding for the
> customer how they can use their connection, before you have any evidence of
> nefarious activity.
They decided for themselves when they bought a residential connection
instead of a business circuit. Just because someone bought themselves a
Camry doesn't mean that Toyota is deciding for them that they can't haul
1000lbs of concrete with it. The customer did when they decided to buy
a car and not a pickup.
> Would you consider restricting a customer's outgoing port 25 traffic to a
> specific mail server a step over the net neutrality line?
I do this all the time. For example I don't let my customers send or
receive mail (or any traffic for that matter) from prefixes originating
from AS32311 (Colorado spammer Scott Richter). Now if I was blocking
mail to dnc.org, gop.com, greenpeace.org, etc. or restricting Vonage to
.05% of my bandwidth then yeah that would violate net neutrality
principles. The difference is one stifles speech and is
anti-competitive. The other mitigates a network security and stability
I see this same argument on Slashdot all too often. It's usually
bundled with an argument against providers doing any sort of traffic
aggregation ("if I buy 1.5Mbps then it should be a dedicated pipe
straight to the Internet!"). Unfortunately that's simply not reality.
You can either live with a small level of controls on your traffic for
the sake of stability and security or you can have wide-open ISPs with
no security prohibitions whatsoever. The support costs for the ISPs go
through the roof and of course that gets passed on to the customer. Your
5 9s SLA gets replaced with "use it while you can before it goes down
again". Everyone pays a penalty for having a digital Wild West. Not to
start another thread on a completely OT topic but the same concept can
be applied to other things like health care. Either everyone can pay a
little bit for all to have good service or many average consumers can
pay lots to make up the losses for those that can't pay at all.
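The controls described in the message above (residential customers only able to use port 25 toward the ISP's own relay, business circuits unrestricted, and traffic to or from a spammer's prefixes dropped in both directions) modelled as a small policy evaluator. This is an added illustration, not code from the post or from any ISP: the relay address, the blocked prefix list and the sample flows are constructed RFC 5737 documentation-range values, not AS32311's actual prefixes, and the treatment of inbound port 25 for the residential class is an assumption of the model.

```python
"""Policy model of the egress controls discussed in the thread.

Residential customers may only use TCP/25 toward the ISP's own relay
(message submission on 587 is left alone); business-class customers are
not restricted; and traffic to or from a blocked prefix list is dropped
for every class.  All addresses below are constructed examples.
"""
import ipaddress
from dataclasses import dataclass

SMTP_PORT = 25

# Constructed values (RFC 5737 documentation ranges), not the ISP's or
# AS32311's real prefixes.
ISP_SMTP_RELAY = ipaddress.ip_address("198.51.100.25")
BLOCKED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("192.0.2.128/25"),
]


@dataclass(frozen=True)
class Flow:
    """One flow as seen at the customer-facing edge."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    direction: str = "out"  # "out": customer -> Internet, "in": Internet -> customer


@dataclass(frozen=True)
class Customer:
    name: str
    service_class: str  # "residential" or "business"


def in_blocked_prefix(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_PREFIXES)


def evaluate(customer: Customer, flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for a single flow.

    Rule order matters: the prefix block applies to every class and in
    both directions, so it is checked before the class-specific SMTP rule.
    """
    remote = flow.dst if flow.direction == "out" else flow.src
    if in_blocked_prefix(remote):
        return "deny", f"{remote} is in a blocked prefix"

    # Residential class: outbound TCP/25 only to the ISP relay.  Inbound
    # port 25 (a mail server on a home connection) is denied for that
    # class as well (assumption of this model).
    if (flow.proto == "tcp" and flow.dport == SMTP_PORT
            and customer.service_class == "residential"):
        if flow.direction == "out" and ipaddress.ip_address(flow.dst) == ISP_SMTP_RELAY:
            return "allow", "residential SMTP via ISP relay"
        return "deny", "residential class: port 25 only via ISP relay"

    return "allow", "no policy match"


def summarize(customer: Customer, flows: list[Flow]) -> dict[str, int]:
    """Count verdicts over a batch of flows.  A residential host that
    suddenly racks up port-25 denies is the usual sign of a spam bot."""
    counts = {"allow": 0, "deny": 0}
    for f in flows:
        verdict, _ = evaluate(customer, f)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    home = Customer("home-dsl", "residential")
    biz = Customer("office-t1", "business")
    sample = [  # constructed flows
        Flow("192.0.2.10", "198.51.100.25", 25),   # to ISP relay: allowed
        Flow("192.0.2.10", "198.51.100.80", 25),   # direct to a remote MX: denied
        Flow("192.0.2.10", "198.51.100.80", 587),  # submission port: allowed
        Flow("192.0.2.10", "203.0.113.7", 80),     # into blocked prefix: denied
        Flow("203.0.113.7", "192.0.2.10", 443, direction="in"),  # from blocked prefix: denied
    ]
    for f in sample:
        print(home.name, f.direction, f.src, "->", f.dst, f.dport, evaluate(home, f))
    print(home.name, summarize(home, sample))
    print(biz.name, summarize(biz, sample))
```

The same five flows produce two denies for the business customer (only the prefix block applies) and three for the residential one, which is exactly the distinction the post draws between the two classes of service.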