Re: ISP port blocking practice

[Franck Martin <franck () genius com>]

----- Original Message -----
> From: "Owen DeLong" <owen () delong com>
> To: "Jon Lewis" <jlewis () lewis org>
> Cc: "NANOG list" <nanog () nanog org>
> Sent: Monday, 6 September, 2010 3:06:29 PM
> Subject: Re: ISP port blocking practice
> On Sep 5, 2010, at 6:18 PM, Jon Lewis wrote:
>
> > On Sun, 5 Sep 2010, Claudio Lapidus wrote:
> >
> > > > If I block port 25 on my network, no spam will originate from it.
> > > > (probablly) The spammers will move on to a network that doesn't
> > > > block their
> > > > crap. As long as there are such open networks, spam will be
> > > > rampant. If,
> > > > overnight, every network filtered port 25, spam would all but
> > > > disappear.
> > > >  But spam would not completely disappear -- it would just be
> > > >  coming from
> > > > known mailservers :-) thus enters outbound scanning and the
> > > > frustrated user
> > > > complaints from poorly tuned systems...
> > >
> > > That won't be probably the case. Here recently we conducted a
> > > rather
> > > comprehensive analysis on dns activity from subscribers, and we've
> > > found that in IP ranges that already have outgoing 25 blocked we
> > > were
> > > still getting complaints about originating spam. It turned out that
> > > the bots also know how to send through webmail, so port 25 blocking
> > > renders ineffective there.
> >
> > Anti-spam is a never ending arms race. Originally, the default
> > config for most SMTP servers was to relay for anyone. 10 years ago,
> > sending spam through open SMTP relays was quite common. Eventually,
> > the default changed, nearly all SMTP relays now restrict access by
> > either client IP or password authentication, and the spammers
> > adapted to open proxies. Today, nobody in their right mind sets up
> > an open HTTP proxy, because if they do, it'll be found and abused by
> > spammers in no time. These too have mostly been eliminated, so the
> > spammers had to adapt again, this time to botted end user systems.
> >
> > Getting rid of the vast majority of open relays and open proxies
> > didn't solve the spam problem, but there'd be more ways to send spam
> > if those methods were still generally available. The idea that doing
> > away with open relays and proxies was ineffective, so we may as well
> > not have done and should go back to deploying open relays and open
> > proxies it is silly.
> Doing away with open relays and open proxies didn't really interfere
> with
> legitimate traffic on a meaningful level.
>
> Blocking outbound SMTP is causing such problems.
>
> If a better job was done of blocking only 25, perhaps this would be
> less so.
>
> Unfortunately, many hotel networks and such are doing one or more of
> the
> following:
>
> Blocking ALL SMTP ports (25, 465, 587)
> Blocking SSH in some cases (fortunately rare, rendering the SMTP thing
> mostly easy to work around)
> Blocking IMAPs (while leaving IMAP open?!?)
> Blocking POP3s (while leaving POP3 open?!?)
> Blocking just about everything except 80 and 443
>
> The absolute worst ones are proxying ALL SMTP traffic to their server
> whether it is the
> address you tried to relay through or not. Generally the ones that
> have done this have
> cited the complaints they got from outright blocking SMTP as the
> reason they felt the
> need to do so. When I pointed out that not blocking SMTP and only
> blocking 25 could
> be a viable alternative, they basically laughed at me.
>
> The question isn't just what is or isn't effective, or, even how much
> it reduces spam
> complaints. There is also the question of how much legitimate traffic
> suffers collateral
> damage in your spam mitiigation techniques.

They do even worse, they charge you USD30 a day for Internet when you have already paid USD250 for the room.

I'm not obliging you to stay at these hotels... Read customers review...and write some...