
This page contains all of the posts and discussion on MemeStreams referencing the following web page: Comcast to Firewall Port 25. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Comcast to Firewall Port 25
by Rattle at 7:38 pm EDT, Jun 14, 2004

] Comcast, the country's largest provider of high-speed
] Internet access, has begun blocking a channel frequently
] exploited by spammers to send out large volumes of
] e-mail, a move that many technologists say was long
] overdue and should be matched by other service providers.

This is not good news. Blocking all traffic with a destination port of 25 ties all email service to the ISP. That's corporate and hosted email servers also. This will cause problems with people who move between networks often. It also makes it easier to monitor email sending. It's a bad precedent to allow ISPs to block the ability to use services at the network level.

An Internet connection should be a full Internet connection, not one that only allows you to send traffic on certain ports. This is a bad idea in disguise as a good way to stop spam.

It's email that needs to change, not the Internet. The Internet should remain stupid, and treat all ports as equal. It should not have rigid rules imposed upon what can flow over it because of a problem with an application. Taking away users' ability to contact external SMTP servers is a big thing to do for a 20% reduction in spam, which the spammers will adapt to.


 
RE: Comcast to Firewall Port 25
by bucy at 12:38 am EDT, Jun 15, 2004

Rattle wrote:
] ] Comcast, the country's largest provider of high-speed
] ] Internet access, has begun blocking a channel frequently
] ] exploited by spammers to send out large volumes of
] ] e-mail, a move that many technologists say was long
] ] overdue and should be matched by other service providers.

] It's email that needs to change, not the Internet. The Internet
] should remain stupid, and treat all ports as equal. It should
] not have rigid rules imposed upon what can flow over it
] because of a problem with an application. Taking away users'
] ability to contact external SMTP servers is a big thing to do
] for a 20% reduction in spam, which the spammers will adapt
] to.

1. I think Comcast said they were going to do it adaptively, based
on the "top 10" hosts each day. There is no reason for a random
user to be sending 10000 messages per day from their cable modem.

Maybe a better policy is "firewall port 25 for people that aren't
well-known/well-behaved mail servers and are sending a suspicious volume of mail."

2. I think it's fair to say that the vast majority of spam now
comes from consumer broadband connections, especially bot nets of
compromised Windows boxes. This could potentially do more
damage than 20% ... if you could get enough of the big broadband providers onboard.

Ultimately, I agree that fixing email is the Right Answer ... but
it's a really hard and mostly non-technical problem that will take a long time. These days, I'm thinking the majority of spam abatement will come from a few high-profile prosecutions of spammers and the adoption of some sender-authentication scheme. Installing certs on MXes wouldn't be so bad...
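
Added example, not part of either poster's message: a sketch of the adaptive policy discussed above (flag the top senders per day that exceed a volume threshold and are not known mail servers) run over constructed flow records. The record layout, the allowlist, the function names and the use of outbound port 25 connection counts as a proxy for message volume are all assumptions; the 10000/day threshold is the figure from the post.

```python
from collections import Counter, defaultdict

SMTP_PORT = 25

def flag_senders(flows, allowlist, threshold, top_n=10):
    """Return {day: [(src_ip, count), ...]} for the top_n non-allowlisted
    sources whose outbound port 25 connection count that day meets threshold."""
    per_day = defaultdict(Counter)
    for day, src, _dst, dport in flows:
        # Only SMTP traffic counts; known mail servers are never candidates.
        if dport == SMTP_PORT and src not in allowlist:
            per_day[day][src] += 1
    flagged = {}
    for day, counts in per_day.items():
        # Rank by volume (ties broken by address) and keep the daily top_n.
        ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        hits = [(src, n) for src, n in ranked[:top_n] if n >= threshold]
        if hits:
            flagged[day] = hits
    return flagged

def build_sample():
    """Constructed flow records (day, src, dst, dst_port), documentation IP ranges."""
    d1, d2 = "2004-06-14", "2004-06-15"
    flows = []
    # Subscriber sending to many distinct mail hosts: bot-like volume.
    flows += [(d1, "192.0.2.10", f"198.51.100.{i % 250 + 1}", 25) for i in range(12000)]
    # Ordinary user relaying through one external SMTP server.
    flows += [(d1, "192.0.2.20", "203.0.113.5", 25) for _ in range(40)]
    flows += [(d2, "192.0.2.20", "203.0.113.5", 25) for _ in range(35)]
    # High-volume but registered mail server (on the allowlist).
    flows += [(d1, "192.0.2.30", f"198.51.100.{i % 250 + 1}", 25) for i in range(15000)]
    # Non-SMTP traffic is ignored regardless of volume.
    flows += [(d1, "192.0.2.10", "203.0.113.80", 80) for _ in range(500)]
    return flows

ALLOWLIST = {"192.0.2.30"}  # hypothetical list of known, well-behaved mail servers

if __name__ == "__main__":
    result = flag_senders(build_sample(), ALLOWLIST, threshold=10000)
    for day, hits in sorted(result.items()):
        for src, n in hits:
            print(day, src, n, "-> candidate for port 25 block")
```

Only the bot-like subscriber is flagged; the low-volume user of an external SMTP server and the allowlisted server keep port 25.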


Comcast to Firewall Port 25
by bucy at 1:46 pm EDT, Jun 14, 2004

] Comcast, the country's largest provider of high-speed
] Internet access, has begun blocking a channel frequently
] exploited by spammers to send out large volumes of
] e-mail, a move that many technologists say was long
] overdue and should be matched by other service providers.

I think maybe the right answer here is to firewall port 25 by
default and turn it back on for people who know what they're doing.

