ISP port blocking practice

Owen DeLong owen at delong.com
Sun Sep 5 21:43:27 CDT 2010


On Sep 5, 2010, at 10:36 AM, Claudio Lapidus wrote:

> Hello all,
> 
> On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfbeam at gmail.com> wrote:
>> 
>> If I block port 25 on my network, no spam will originate from it.
>> (probablly) The spammers will move on to a network that doesn't block their
>> crap.  As long as there are such open networks, spam will be rampant.  If,
>> overnight, every network filtered port 25, spam would all but disappear.
>>  But spam would not completely disappear -- it would just be coming from
>> known mailservers :-)  thus enters outbound scanning and the frustrated user
>> complaints from poorly tuned systems...
>> 
> 
> That won't be probably the case. Here recently we conducted a rather
> comprehensive analysis on dns activity from subscribers, and we've
> found that in IP ranges that already have outgoing 25 blocked we were
> still getting complaints about originating spam. It turned out that
> the bots also know how to send through webmail, so port 25 blocking
> renders ineffective there.
> 
> --cl.

Perhaps a new BCP is coming from MAAWG suggesting we now
block outbound port 80.

Owen





More information about the NANOG mailing list