On 10/25/2011 10:19 PM, Blake Hudson wrote:
I didn't see anyone address this from the service provider abuse department perspective. I think larger ISP's got sick and tired of dealing with abuse reports or having their IP space blocked because of their own (infected) residential users sending out spam. The solution for them was to block the spam. The cheapest/easiest way to do this was to block TCP 25 between subs and the internet, thus starting a trend. If 587 becomes popular, spammers will move on and the same ISPs that blocked 25 will follow suit. Actually, it doesn't work that way because of what submission is designed to do. I just posted another email about it so I won't repeat it, but basically you should think of blocking port 25 as a list of who's authorized to send emails, not as a port we just killed for fun and we're waiting for the spammers next move.
A better solution would have been to prevent infection or remove infected machines from the network(strong abuse policies, monitoring, give out free antivirus software, etc). Unfortunately, several major players (ATT, for example) went down the road of limiting internet access. Now that they've had a taste, some of them feel they can block other ports or applications like p2p (Comcast), Netflix (usage based billing on Bell, ATT, others).
As an ISP, I liked seeing abuse complaints drop to near zero when we did this. We spent about a month fixing some people who don't use webmail (most regular customers don't use an MUA anymore) and had our share of third-party MTA's that refused to turn on submission (no idea why, these were usually business-class comp accounts so we moved them to a business pool and dropped their acls) but overall we probably had less than 100 calls from doing this and it made our lives easier. Now I know you said you wanted us to be preventative and to treat the problem, but that's just impractical. We got 5000 abuse emails a month for (at the time) ~20k customers. Were 1/4 of them spamming? No, but the ones that were spamming generated automated reports from everyone. None of them were ever legitimate spammers. They were all users who clicked on a funny puppy picture their mom sent, or some other thing that set their computer on fire and had it spitting out gobs of porno links to everyone it could find. So it wasn't a set of problem users, it was just a random sampling of everyone's not-so-PC-savvy relatives. So, lets say we wrote software to collate those reports and got it down to 30 legitimate people (if we're lucky). Do we block their IP's and wait for them to call in then send them to geek squad? Do we try to fix their infected PC over the phone? At this point, no matter what we do they're going to get sent to a tier 2 tech which means at least 2 phone calls and whatever revenue we might have gotten from them is gone for quite a while. We can have one guy tied up all day every day trying to process abuse issues or we can just shut down port 25 and the problem magically disappears. Is their laptop uninfected? No, but they can no longer infect any other customer in our network or anyone elses network, thus reducing global infections. We've made the world a better place and saved ourselves some money. Unfortunately, the first coffee shop they go to that doesn't block port 25 is going to be a new spam source but we can't save them all. It may be possible in the future we'll have a more convenient method to police PC's but the network access controls that exist right now aren't flexible enough to allow different networks to set different policies, so if it's a work laptop and they have a domain administrator then 802.1x might not be possible, and mandating they have firewall or anti-virus turned on (or a specific version/that it's updated, etc) might not be possible. Most customers rail against controls anyway. You don't want port 25 blocked so how would you feel if we mandated you install our ad-ware mcafee client and scanned your computer every 15 minutes? And when you think about it, if the big boys gave up and blocked port 25 and stopped offering free anti-virus and a backrub when you call in, how can we afford to compete with that?
Unfortunately, I don't see the trend reversing. I'm afraid that Internet freedoms are likely to continue to decline and an "Unlimited" Internet experience won't exist at the residential level in 5+ years.
I hope that you're exaggerating for effect, but you might be right. Small providers have trouble competing right now because of all the advantages the carriers have in the market. Some of the ways small providers can distinguish themselves is through support, or offering things a big player won't. So in some cases it's better to find a regional ISP and go with them because they may work with you, and they may be a little more lenient with some things. I don't think port 25 is worth making a stand on though, there are better battles to fight (rate limiting) that actually mean something to the customer experience.
--Blake
Robert