ISP port blocking practice

Brett Frankenberger rbf+nanog at panix.com
Mon Sep 6 08:22:05 CDT 2010


On Sun, Sep 05, 2010 at 09:18:54PM -0400, Jon Lewis wrote:
>
> Anti-spam is a never ending arms race.  

That's really the question at hand here -- whether or not there's any
benefit to continuing the "never ending arms race" game.  Some people
think there is.  Others question whether anything is really being
accomplished.  Certainly we're playing it out like an arms race -- ISPs
block something, spammers find a new way to inject spam, and so on. 
The end result of lots of time spend on blocking thins, less
functionality for customers ... but no decrease in spam.

> Originally, the default config  
> for most SMTP servers was to relay for anyone.  10 years ago, sending 
> spam through open SMTP relays was quite common.   Eventually, the default 
> changed, nearly all SMTP relays now restrict access by either client IP 
> or password authentication, and the spammers adapted to open proxies.  
> Today, nobody in their right mind sets up an open HTTP proxy, because if 
> they do, it'll be found and abused by spammers in no time.  These too 
> have mostly been eliminated, so the spammers had to adapt again, this 
> time to botted end user systems.
>
> Getting rid of the vast majority of open relays and open proxies didn't  
> solve the spam problem, but there'd be more ways to send spam if those  
> methods were still generally available.  The idea that doing away with  
> open relays and proxies was ineffective, so we may as well not have done  
> and should go back to deploying open relays and open proxies it is silly.

Is it?  It's likely true that the amount of span sent through open
relays today is smaller than the amount of spam send through open
relays 10 years ago.  If the objective is "less spam via open relays",
closing down open relays was a raging success.  But that's not the
objective.  The objective is less spam, and there's certainly not less
spam today than there was 10 years ago.

Of course, those who worked to close open relays might argue that there
would be even more spam today if there were still open relays.  But
they don't know that and there's no real evidence to support that.

The theory behind closing open relays, blocking port 25, etc., seems to
be:
(a) That will make it harder on spammers, and that will reduce spam --
some of the spammers will find other other ways to inject spam, but
some will just stop, OR
(b) Eventually, we'll find technical solutions to *all* the ways spam
is injected, and then there will be no more spam.

There's little evidence for either.

     -- Brett




More information about the NANOG mailing list