ISP port blocking practice

Claudio Lapidus clapidus at gmail.com
Sun Sep 5 12:36:30 CDT 2010


Hello all,

On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfbeam at gmail.com> wrote:
>
> If I block port 25 on my network, no spam will originate from it.
> (probablly) The spammers will move on to a network that doesn't block their
> crap.  As long as there are such open networks, spam will be rampant.  If,
> overnight, every network filtered port 25, spam would all but disappear.
>  But spam would not completely disappear -- it would just be coming from
> known mailservers :-)  thus enters outbound scanning and the frustrated user
> complaints from poorly tuned systems...
>

That won't be probably the case. Here recently we conducted a rather
comprehensive analysis on dns activity from subscribers, and we've
found that in IP ranges that already have outgoing 25 blocked we were
still getting complaints about originating spam. It turned out that
the bots also know how to send through webmail, so port 25 blocking
renders ineffective there.

--cl.




More information about the NANOG mailing list