ISP port blocking practice

Jack Bates jbates at
Fri Sep 3 14:03:19 UTC 2010

Patrick W. Gilmore wrote:
>> Yes... Many of the idiots that block outbound 25 also block outbound 587 and sometimes 465.
> Could you point to more than one instance?  I've not yet found one.  And I think I spend at least as much time in hotels & 3G & airports & etc. as you anyone else here.

I can't remember the ISP, but yes, I've run across this. I had to have 
my helpdesk inform the customer that they'll have to complain and gripe 
at the ISP they were using or make other arrangements as I only support 
25/587 (customer didn't want to use webmail).

Problem is, people hear "block ports", they get in the habit, and the 
next thing you know, they are blocking ports out of ignorance with no 
comprehension of what they are breaking.

I'd much rather see rate detection setups that let me send however I 
want, but limit the connections per time interval. It implies that some 
thought might go into determining the rates. Of course, the only setup 
I've done like this in testing in my network involved flow analyzers and 
dynamic acl's.


More information about the NANOG mailing list