nanog mailing list archives

Re: The End-To-End Internet (was Re: Blocking MX query)


From: Sean Harlow <sean () seanharlow info>
Date: Wed, 5 Sep 2012 11:49:02 -0400

On Sep 5, 2012, at 11:11, Izaac wrote:

> This is why tcp port 25 filtering is totally effective and will remain so
> forever.  Definitely worth breaking basic function principles of a
> global communications network over which trillions of dollars of commerce
> occur.

Two things to note:

1. Restricting outbound port 25 is nothing new.  It's been in use since before SPF or DKIM were under development, yet 
it hasn't been defeated/bypassed.  Henry didn't specify whether the DKIM-valid messages he received were forged or if 
they just came from a random spam domain.  If the latter, of course that's trivial for spammers to make appear 
legitimate because the only goal of such systems is to verify that the sender controls or is approved by the domain the 
message claims to be from.

2. The reason port 25 blocks remain effective is that there really isn't a bypass.  If you want to spam, at some point you must establish a TCP connection to port 25 on the destination mail server.  You can either do this from your own machines (where a good hosting provider will cut you off in a hurry) or by using someone else's illegitimately.  Servers tend to be located in datacenters where again a good provider will take action, so botted end-user machines are obviously a huge thing to spammers.  Eliminate the ability for the majority of those bots to make said port 25 connections, and you've now forced them into a much smaller operating area where they're more likely to be found.  The only "bypass" is to go back to using their own machines or compromised equipment on higher-grade connections.

---
Sean Harlow
sean () seanharlow info
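The egress policy the post describes (end-user hosts may reach TCP/25 only via the provider's relay) and the detection it enables, as an added example that is not part of the thread. The address pool, relay address, flow-record format and sample records are all constructed for illustration.

```python
"""Outbound TCP/25 egress policy and direct-to-MX detection for an end-user pool.
Added example; addresses, log format and sample records are constructed."""
import ipaddress
from collections import defaultdict

END_USER_POOL = ipaddress.ip_network("10.20.30.0/24")   # assumed dynamic/residential range
ISP_RELAY = ipaddress.ip_address("203.0.113.25")        # assumed provider-run smarthost

# Constructed flow records: "timestamp src dst dport" (not any real vendor's format).
SAMPLE_FLOWS = """\
2012-09-05T11:00:01 10.20.30.40 203.0.113.25 587
2012-09-05T11:00:02 10.20.30.41 198.51.100.11 25
2012-09-05T11:00:02 10.20.30.41 198.51.100.12 25
2012-09-05T11:00:03 10.20.30.41 198.51.100.13 25
2012-09-05T11:00:04 10.20.30.42 203.0.113.25 25
2012-09-05T11:00:05 10.20.30.43 198.51.100.11 443
2012-09-05T11:00:06 10.20.30.44 198.51.100.20 25
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples from the constructed record format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, dport = line.split()
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def egress_verdict(src, dst, dport):
    """Pool hosts may not open TCP/25 to anything but the provider relay;
    submission (587) and all other traffic is untouched."""
    if dport == 25 and src in END_USER_POOL and dst != ISP_RELAY:
        return "DROP"
    return "ALLOW"

def direct_mx_talkers(text, min_destinations=2):
    """Pool hosts contacting >= min_destinations distinct non-relay hosts on TCP/25.
    A mail client talks to one relay; a host talking to many MXes directly is
    the 'smaller operating area' the post says is easier to find."""
    seen = defaultdict(set)
    for src, dst, dport in parse_flows(text):
        if dport == 25 and src in END_USER_POOL and dst != ISP_RELAY:
            seen[src].add(dst)
    return {str(s): len(d) for s, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    print(direct_mx_talkers(SAMPLE_FLOWS))   # {'10.20.30.41': 3}
    print([egress_verdict(*f) for f in parse_flows(SAMPLE_FLOWS)])
```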
