ISP port blocking practice

Franck Martin franck at genius.com
Sun Sep 5 23:28:51 CDT 2010


----- Original Message -----
> From: "Owen DeLong" <owen at delong.com>
> To: "Jon Lewis" <jlewis at lewis.org>
> Cc: "NANOG list" <nanog at nanog.org>
> Sent: Monday, 6 September, 2010 3:06:29 PM
> Subject: Re: ISP port blocking practice
> On Sep 5, 2010, at 6:18 PM, Jon Lewis wrote:
> 
> > On Sun, 5 Sep 2010, Claudio Lapidus wrote:
> >
> >>> If I block port 25 on my network, no spam will originate from it.
> >>> (probablly) The spammers will move on to a network that doesn't
> >>> block their
> >>> crap. As long as there are such open networks, spam will be
> >>> rampant. If,
> >>> overnight, every network filtered port 25, spam would all but
> >>> disappear.
> >>>  But spam would not completely disappear -- it would just be
> >>>  coming from
> >>> known mailservers :-) thus enters outbound scanning and the
> >>> frustrated user
> >>> complaints from poorly tuned systems...
> >>
> >> That won't be probably the case. Here recently we conducted a
> >> rather
> >> comprehensive analysis on dns activity from subscribers, and we've
> >> found that in IP ranges that already have outgoing 25 blocked we
> >> were
> >> still getting complaints about originating spam. It turned out that
> >> the bots also know how to send through webmail, so port 25 blocking
> >> renders ineffective there.
> >
> > Anti-spam is a never ending arms race. Originally, the default
> > config for most SMTP servers was to relay for anyone. 10 years ago,
> > sending spam through open SMTP relays was quite common. Eventually,
> > the default changed, nearly all SMTP relays now restrict access by
> > either client IP or password authentication, and the spammers
> > adapted to open proxies. Today, nobody in their right mind sets up
> > an open HTTP proxy, because if they do, it'll be found and abused by
> > spammers in no time. These too have mostly been eliminated, so the
> > spammers had to adapt again, this time to botted end user systems.
> >
> > Getting rid of the vast majority of open relays and open proxies
> > didn't solve the spam problem, but there'd be more ways to send spam
> > if those methods were still generally available. The idea that doing
> > away with open relays and proxies was ineffective, so we may as well
> > not have done and should go back to deploying open relays and open
> > proxies it is silly.
> >
> Doing away with open relays and open proxies didn't really interfere
> with
> legitimate traffic on a meaningful level.
> 
> Blocking outbound SMTP is causing such problems.
> 
> If a better job was done of blocking only 25, perhaps this would be
> less so.
> 
> Unfortunately, many hotel networks and such are doing one or more of
> the
> following:
> 
> Blocking ALL SMTP ports (25, 465, 587)
> Blocking SSH in some cases (fortunately rare, rendering the SMTP thing
> mostly easy to work around)
> Blocking IMAPs (while leaving IMAP open?!?)
> Blocking POP3s (while leaving POP3 open?!?)
> Blocking just about everything except 80 and 443
> 
> The absolute worst ones are proxying ALL SMTP traffic to their server
> whether it is the
> address you tried to relay through or not. Generally the ones that
> have done this have
> cited the complaints they got from outright blocking SMTP as the
> reason they felt the
> need to do so. When I pointed out that not blocking SMTP and only
> blocking 25 could
> be a viable alternative, they basically laughed at me.
> 
> The question isn't just what is or isn't effective, or, even how much
> it reduces spam
> complaints. There is also the question of how much legitimate traffic
> suffers collateral
> damage in your spam mitiigation techniques.
> 

They do even worse, they charge you USD30 a day for Internet when you have already paid USD250 for the room.

I'm not obliging you to stay at these hotels... Read customers review...and write some...




More information about the NANOG mailing list