North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Jørgen Hovland
  • Date: Thu Feb 03 10:50:00 2005

----- Original Message ----- From: "Gadi Evron" <[email protected]>

Allow me to elaborate; and forget about this article, why limited ourselves?

Once big ISP's started blocking port 25/outbound for dynamic ranges, and it finally begun hitting the news, we once again caused the spammers to under-go evolution.

In this particular case, they figured they'd have to find better ways to send spam out, because eventually, they will be out of working toys.
I am a bit concerned that blocking any port at all preventing abuse of the affected service will make the abusers go through other services instead. Port 139/445 is already blocked by several isps due to excessive abuse or I believe they call it 'a security measurement'. Even port 23 has been blocked (inbound and outbound) by atleast 1 large isp I am aware of. When that mssql worm was lurking around isps were also blocking that port. I hope I'm not the only one seeing a pattern here. Really, blocking ports makes no sense to me in the long run. You are destroying the service, and even if you block all ports there are several ways to spam anyway. You would probably reply now saying that "yeah but you get rid of 99% of the spammers that way". That is only partly true. As time goes on all spammers will adopt to your isps new "security policy" and if you still don't see the pattern I am talking about now there is nothing more I can say. I don't have the solution to all of this, but I sure know how to see what is not the solution. Teach people how to write "Hello world" better perhaps.

Joergen Hovland
Joergen Hovland ENK