nanog mailing list archives

Re: ISP port blocking practice


From: Owen DeLong <owen () delong com>
Date: Sat, 4 Sep 2010 03:40:17 +0930



Sent from my iPad

On Sep 3, 2010, at 10:10 PM, John Levine <johnl () iecc com> wrote:

>> Really?  So, since so many ISPs are blocking port 25, there's lots less spam
>> hitting our networks?

> It's been extremely effective in blocking spam sent by spambots on
> large ISPs.  It's not a magic anti-spam bullet.  (If you know one,
> please let us know.)

That simply hasn't been my experience. I still get lots of spam from botted hosts in large provider networks, and yes, that includes many that block 25. As near as I can tell, 25 blocking is not affecting spammers at all, just legitimate users.

There was a time when it was effective, but the spammers have long since adapted. Now we are only breaking the Internet. We are no longer accomplishing anything useful. It's pure momentum.

>> workaround. Since, like many of us, I use a lot of transient networks,
>> having to reconfigure for each unique set of brokenness is actually wasting
>> more of my time than the spam this brokenness was alleged to prevent.

> Is there some reason you aren't able to configure your computers to use
> tunnels or SUBMIT?  They seem to work pretty well for other people.

Many of the transient networks I deal with block 22, 25, 465, and 587. They also often block protocols 41 and 43 or do not provide a public address, rendering those protocols unusable anyway.

Yes, I am now running ssh and smtp processes on ports 80 and 443 to get around this, but, that consumes an extra address for something that should be handled by a port number.

Personally, I'd rather use port numbers for L4 uniqueness rather than IP addresses.

Owen

> R's,
> John

