The End-To-End Internet (was Re: Blocking MX query)

Izaac izaac at
Wed Sep 5 21:12:07 UTC 2012

On Wed, Sep 05, 2012 at 11:46:34AM -0400, Greg Ihnen wrote:
> On Wed, Sep 5, 2012 at 11:11 AM, Izaac <izaac at> wrote:
> > On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote:
> > > signature.  They are adaptive, like cockroaches.
> >
> > This is why tcp port 25 filtering is totally effective and will remain so
> > forever.  Definitely worth breaking basic function principles of a
> > global communications network over which trillions of dollars of commerce
> > occur.
> But as someone pointed out further back on this thread people who want to
> have their mail servers available to people who are on the other side of
> port 25 filtering just use the alternate ports. So then what does filtering
> port 25 accomplish?

I suspect your ISP is also stripping <sarcasm> tags.  Let's try it out

   You can tell that tcp port 25 filtering is a highly effective spam
   mitigation technique because spam levels have declined in direct
   proportion to their level of deployment.  Today, we barely see any
   spam on the internet due to amazing ability of these filters to
   prevent bad people from sending bulk email.

Was that properly marked?  Or this one?

   Since tcp25 filtering has been so successful, we should deploy
   filters for everything except tcp80 and tcp443 and maaaybe tcp21 --
   but NAT already does so much to enhance the user experience there
   already.  And what with ISP customers using their provided DNS and
   mail service exclusively, there's no reason to permit udp53, tcp110,
   tcp143, tcp993, tcp995 either.  Really, only evil people use anything
   but the web.  Any other traffic undoubtedly a bot from which they
   ought to be protected.

. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__

More information about the NANOG mailing list