----- Original Message -----
> From: "Owen DeLong" <o...@delong.com>
> To: "Jon Lewis" <jle...@lewis.org>
> Cc: "NANOG list" <nanog@nanog.org>
> Sent: Monday, 6 September, 2010 3:06:29 PM
> Subject: Re: ISP port blocking practice
>
> On Sep 5, 2010, at 6:18 PM, Jon Lewis wrote:
>
> > On Sun, 5 Sep 2010, Claudio Lapidus wrote:
> >
> >>> If I block port 25 on my network, no spam will originate from it.
> >>> (probably) The spammers will move on to a network that doesn't
> >>> block their crap. As long as there are such open networks, spam
> >>> will be rampant. If, overnight, every network filtered port 25,
> >>> spam would all but disappear. But spam would not completely
> >>> disappear -- it would just be coming from known mailservers :-)
> >>> thus enters outbound scanning and the frustrated user complaints
> >>> from poorly tuned systems...
> >>
> >> That won't be probably the case. Here recently we conducted a
> >> rather comprehensive analysis on dns activity from subscribers,
> >> and we've found that in IP ranges that already have outgoing 25
> >> blocked we were still getting complaints about originating spam.
> >> It turned out that the bots also know how to send through webmail,
> >> so port 25 blocking renders ineffective there.
> >
> > Anti-spam is a never ending arms race. Originally, the default
> > config for most SMTP servers was to relay for anyone. 10 years ago,
> > sending spam through open SMTP relays was quite common. Eventually,
> > the default changed, nearly all SMTP relays now restrict access by
> > either client IP or password authentication, and the spammers
> > adapted to open proxies. Today, nobody in their right mind sets up
> > an open HTTP proxy, because if they do, it'll be found and abused by
> > spammers in no time. These too have mostly been eliminated, so the
> > spammers had to adapt again, this time to botted end user systems.
> >
> > Getting rid of the vast majority of open relays and open proxies
> > didn't solve the spam problem, but there'd be more ways to send spam
> > if those methods were still generally available. The idea that doing
> > away with open relays and proxies was ineffective, so we may as well
> > not have done and should go back to deploying open relays and open
> > proxies is silly.
> >
> Doing away with open relays and open proxies didn't really interfere
> with legitimate traffic on a meaningful level.
>
> Blocking outbound SMTP is causing such problems.
>
> If a better job was done of blocking only 25, perhaps this would be
> less so.
>
> Unfortunately, many hotel networks and such are doing one or more of
> the following:
>
> Blocking ALL SMTP ports (25, 465, 587)
> Blocking SSH in some cases (fortunately rare, rendering the SMTP thing
> mostly easy to work around)
> Blocking IMAPs (while leaving IMAP open?!?)
> Blocking POP3s (while leaving POP3 open?!?)
> Blocking just about everything except 80 and 443
>
> The absolute worst ones are proxying ALL SMTP traffic to their server
> whether it is the address you tried to relay through or not. Generally
> the ones that have done this have cited the complaints they got from
> outright blocking SMTP as the reason they felt the need to do so. When
> I pointed out that not blocking SMTP and only blocking 25 could be a
> viable alternative, they basically laughed at me.
>
> The question isn't just what is or isn't effective, or, even how much
> it reduces spam complaints. There is also the question of how much
> legitimate traffic suffers collateral damage in your spam mitigation
> techniques.
>

They do even worse: they charge you USD30 a day for Internet when you have already paid USD250 for the room. I'm not obliging you to stay at these hotels... Read customer reviews... and write some...