In many countries, the presence of bots consume a non-trivial amount of bandwidth. In developing countries, this is a non trivial amount of $$$ (http://mobile.slashdot.org/story/10/09/05/1620212/UN-Tech-Group-Finds-Most-E...) Blocking port 25 allows to help identify which hosts are consuming bandwidth (likely to have a bot). Identifying and removing these hosts from the network is crucial and economically viable, unfortunately these are skills sometimes not available in such countries. Just saying... ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "North American Operators' Group" <nanog@nanog.org> Sent: Monday, 6 September, 2010 12:11:16 PM Subject: Re: ISP port blocking practice Composed on a virtual keyboard, please forgive typos. On Sep 6, 2010, at 1:36, Claudio Lapidus <clapidus@gmail.com> wrote:
Hello all,
On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfbeam@gmail.com> wrote:
If I block port 25 on my network, no spam will originate from it. (probablly) The spammers will move on to a network that doesn't block their crap. As long as there are such open networks, spam will be rampant. If, overnight, every network filtered port 25, spam would all but disappear. But spam would not completely disappear -- it would just be coming from known mailservers :-) thus enters outbound scanning and the frustrated user complaints from poorly tuned systems...
That won't be probably the case. Here recently we conducted a rather comprehensive analysis on dns activity from subscribers, and we've found that in IP ranges that already have outgoing 25 blocked we were still getting complaints about originating spam. It turned out that the bots also know how to send through webmail, so port 25 blocking renders ineffective there.
I believe you have confused "not 100% effective" with "ineffective". And webmail is but one additional vector. Bots know how to use smarthosts, corporate e-mail, triangulation, etc. If you gave up on each because one step did not solve the problem, you would have no chance at a solution. When you unblocked port 25, did spam complaints go up or down? There are a great many providers who have evidence that port 25 blocking lowers complaints even if there are bots that know their way around it. Second, assume you can wave a magic wand and block all webmail access. Do you honestly believe the bots will not use port 25 to send spam directly? Security requires layers. And it is a bit shocking how many people do not realize this. -- TTFN, patrick