ISP port blocking practice

Owen DeLong owen at delong.com
Fri Sep 3 07:12:01 CDT 2010


On Sep 2, 2010, at 8:54 PM, Patrick W. Gilmore wrote:

> On Sep 2, 2010, at 11:48 PM, Owen DeLong wrote:
> 
>> We should be seeking to stop damaging the network for ineffective anti spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.
> 
> Since at least part of your premise ('ineffective anti-spam measures') has been objectively proven false to fact for many years, I guess we can ignore the rest of your note.
> 
Really?  So, since so many ISPs are blocking port 25, there's lots less spam hitting our networks?
That's really news to me... I'm still seeing an ever increasing number of attempts to deliver spam on my mailservers.

I'd say that it has been pretty ineffective.

> Also, just so everyone doesn't think I'm in favor of "damaging" the network, I would much prefer a completely open 'Net.  Who wouldn't?  Since that is not possible, we have to do what we can to damage the network as little as possible.  Port 25 blocking is completely unnoticeable to something on the order of 5-nines worth of users, and the rest should know how to get around it with a minimum of fuss (including things like "ask your provider to unblock" in many cases).
> 
Not really true. First, i dispute your 5-nines figure, second, yes, i can usually get around it, but seems each network requires a different workaround. Since, like many of us, I use a lot of transient networks, having to reconfigure for each unique set of brokenness is actually wasting more of my time than the spam this brokenness was alleged to prevent.

I suppose I should just shut up and run an instance of my SMTP daemon on port 80. After all, since IPv4 addresses are so abundant, rather than use port numbers for services, let's use IP addresses and force everything to ports 80 and 443.

Owen





More information about the NANOG mailing list