Composed on a virtual keyboard, please forgive typos. On Sep 6, 2010, at 1:36, Claudio Lapidus <clapi...@gmail.com> wrote:
> Hello all, > > On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfb...@gmail.com> wrote: >> >> If I block port 25 on my network, no spam will originate from it. >> (probablly) The spammers will move on to a network that doesn't block their >> crap. As long as there are such open networks, spam will be rampant. If, >> overnight, every network filtered port 25, spam would all but disappear. >> But spam would not completely disappear -- it would just be coming from >> known mailservers :-) thus enters outbound scanning and the frustrated user >> complaints from poorly tuned systems... >> > > That won't be probably the case. Here recently we conducted a rather > comprehensive analysis on dns activity from subscribers, and we've > found that in IP ranges that already have outgoing 25 blocked we were > still getting complaints about originating spam. It turned out that > the bots also know how to send through webmail, so port 25 blocking > renders ineffective there. I believe you have confused "not 100% effective" with "ineffective". And webmail is but one additional vector. Bots know how to use smarthosts, corporate e-mail, triangulation, etc. If you gave up on each because one step did not solve the problem, you would have no chance at a solution. When you unblocked port 25, did spam complaints go up or down? There are a great many providers who have evidence that port 25 blocking lowers complaints even if there are bots that know their way around it. Second, assume you can wave a magic wand and block all webmail access. Do you honestly believe the bots will not use port 25 to send spam directly? Security requires layers. And it is a bit shocking how many people do not realize this. -- TTFN, patrick
