On Sep 5, 2012, at 11:11, Izaac wrote:

> This is why tcp port 25 filtering is totally effective and will remain so
> forever.  Definitely worth breaking basic function principles of a
> global communications network over which trillions of dollars of commerce
> occur.

Two things to note:

1. Restricting outbound port 25 is nothing new.  It's been in use since before 
SPF or DKIM were under development, yet it hasn't been defeated/bypassed.  
Henry didn't specify whether the DKIM-valid messages he received were forged or 
if they just came from a random spam domain.  If the latter, of course that's 
trivial for spammers to make appear legitimate because the only goal of such 
systems is to verify that the sender controls or is approved by the domain the 
message claims to be from.

2. The reason port 25 blocks remain effective is that there really isn't a 
bypass.  If you want to spam, at some point you must establish a TCP connection 
to port 25 on the destination mail server.  You can either do this from your 
own machines (where a good hosting provider will cut you off in a hurry) or by 
using someone else's illegitimately.  Servers tend to be located in datacenters 
where again a good provider will take action, so botted end-user machines are 
obviously a huge thing to spammers.  Eliminate the ability for the majority of 
those bots to make said port 25 connections, and you've now forced them into a 
much smaller operating area where they're more likely to be found.  The only 
"bypass" is to go back to using their own machines or compromised equipment on 
higher-grade connections.

---
Sean Harlow
s...@seanharlow.info
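The egress policy Sean describes in point 2, and the "smaller operating area" it creates, can be made concrete. The following is an added example, not code from the thread or from any ISP: it simulates an outbound tcp/25 block on residential address space that exempts the ISP's own relay and leaves the submission ports (587/465) open, then runs constructed flow records through it to flag hosts that tried to reach many distinct mail servers directly, which is the behaviour a spam bot shows and an ordinary customer does not. All prefixes, the relay address, and the flow records are constructed for illustration.

```python
"""Simulated outbound port-25 policy and bot spotting over constructed flow records.

Added example, not part of the original thread. The residential prefixes,
the ISP relay address, and the flow records below are all constructed.
"""
import ipaddress
from collections import defaultdict

# Assumed ISP layout (constructed): residential customers live in these prefixes.
RESIDENTIAL = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
# Assumed ISP-run outbound relay (constructed) that customers may reach on tcp/25.
ISP_RELAY = ipaddress.ip_address("192.0.2.25")
# Authenticated submission ports are deliberately left open; the block is tcp/25 only.
SUBMISSION_PORTS = {587, 465}


def is_residential(ip):
    """True if the address falls inside one of the residential prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RESIDENTIAL)


def egress_decision(src_ip, dst_ip, dst_port, proto="tcp"):
    """Return 'allow' or 'drop' for one outbound flow.

    Only TCP to destination port 25 from residential space is affected.
    Everything else, including submission on 587/465, passes, and the ISP
    relay is exempt so a customer running their own MTA can still send.
    """
    if proto != "tcp" or dst_port != 25:
        return "allow"
    if not is_residential(src_ip):
        return "allow"  # datacenter/business space: the provider handles abuse there
    if ipaddress.ip_address(dst_ip) == ISP_RELAY:
        return "allow"
    return "drop"


# Constructed flow records: (src_ip, dst_ip, dst_port). Mail servers 192.0.2.101-105
# stand in for arbitrary destination MXes; 192.0.2.200 stands in for a datacenter host.
FLOWS = [
    ("203.0.113.10", "192.0.2.25", 25),    # customer MTA -> ISP relay: allowed
    ("203.0.113.10", "192.0.2.50", 587),   # customer -> provider submission: allowed
    ("203.0.113.10", "192.0.2.101", 25),   # one stray direct attempt: dropped
    ("203.0.113.77", "192.0.2.101", 25),   # bot spraying direct to many MXes
    ("203.0.113.77", "192.0.2.102", 25),
    ("203.0.113.77", "192.0.2.103", 25),
    ("203.0.113.77", "192.0.2.104", 25),
    ("203.0.113.77", "192.0.2.105", 25),
    ("192.0.2.200", "192.0.2.101", 25),    # datacenter host: not subject to the block
]


def spot_spam_bots(flows, min_distinct_targets=3):
    """Residential hosts whose dropped tcp/25 flows targeted many distinct servers.

    Returns {src_ip: number_of_distinct_targets}. A customer using their
    provider's submission service never produces this pattern, so the
    dropped flows double as a detection signal for botted machines.
    """
    targets = defaultdict(set)
    for src, dst, port in flows:
        if port == 25 and egress_decision(src, dst, port) == "drop":
            targets[src].add(dst)
    return {src: len(t) for src, t in targets.items() if len(t) >= min_distinct_targets}


if __name__ == "__main__":
    for src, dst, port in FLOWS:
        print(f"{src:>14} -> {dst}:{port:<4} {egress_decision(src, dst, port)}")
    print("suspected bots:", spot_spam_bots(FLOWS))
```

The threshold on distinct targets is what separates the bot from the customer who misconfigured one client: a single dropped flow is noise, a fan-out to many MXes is the signature of a host that needs cleaning up or quarantining.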