ISP port blocking practice

Scott Howard scott at
Sun Sep 12 01:29:11 UTC 2010

On Sun, Sep 5, 2010 at 8:06 PM, Owen DeLong <owen at> wrote:

> Doing away with open relays and open proxies didn't really interfere with
> legitimate traffic on a meaningful level.
> Blocking outbound SMTP is causing such problems.

You keep saying this, but can you provide any examples of situations where
ISP that have done this RIGHT, and have caused anything more than a very
minor inconvenience to a very small percentage of their users, and no impact
at all to the rest?

Nobody is talking about blocking port 465 or 587 as being a good thing -
only port 25.

I've been involved with multiple ISPs in multiple countries that have
implemented port 25 blocking.  Those that did it right (dynamic IPs only,
self opt-out, communication, etc) all reported sufficiently small volumes of
end-user problems that it could almost be considered noise in the normal
support load.

If a better job was done of blocking only 25, perhaps this would be less so.

Name an ISP that is blocking port 465 or 587?  Not a hotel or a library -
but an ISP.

The question isn't just what is or isn't effective, or, even how much it
> reduces spam
> complaints. There is also the question of how much legitimate traffic
> suffers collateral
> damage in your spam mitiigation techniques.

>From the data I have, which comes from multiple implementations of blocking,
it is very clear that the answer is that it had a significant impact on the
amount of spam being originated from the network, and with very little to
zero collateral damage.

To a large extent, this isn't about the impact that such changes have on the
total global volume of spam being sent - and if you think it is you're
missing the point.  This is about ISP taking an interest in stopping spam
originating from their network, and getting themselves off the various "Top
10 spammers" lists (hello Telefonica, are you listening?).  If you're not
taking an interest in the spam that's originating from your network, then
you're a part of the problem (and given that only a few weeks ago people on
spam-l were discussing blocking all oh HE... well...)


More information about the NANOG mailing list