Memo to ISPs: The SPAM Problem is Partly Your Fault
10 Feb
ISPs are one of the most vocal opponents of SPAM because it eats up their bandwidth. Yet, a lot of ISPs continue to allow their customers to send email out to the world on TCP port 25 with no restrictions. Huh?
I’m of the opinion that the ISPs need to take more responsibility for the email that is leaving their networks. If you are an ISP and you have SPAM zombie PCs on your network spewing thousands of outbound SPAM messages per day, then you need to shut them down.
Every ISP should be proactively monitoring their networks for computers that are sending SPAM and shutting them down. Forget about waiting for a complaint! What possible reason is there for a consumer broadband customer to be sending thousands (or millions) of messages a day directly to the internet?
I can’t believe it, but I’m about to say something nice about Telus. Listen up, because it may not happen again for a long time. If ever.
Telus gets a bad rap from some of their customers for blocking outbound port 25 traffic from their consumer DSL network. Their customers have no choice but to route their outbound SMTP email through ‘smtp.telus.net’. At one time, when I was a Telus customer, I found this to be annoying. I may have even ranted about it. But now I get it.
Telus has control of their outbound SMTP email traffic because it all has to pass through their outbound SMTP servers before entering “the cloud”. I’m probably giving Telus way too much credit, but it certainly appears that they are at least in a position to do something about the SPAM originating from their network.
Shaw (my ISP) doesn’t block outbound port 25 traffic. If a Windows PC in my neighborhood gets turned into a SPAM “zombie”, <sarcasm>which apparently is REALLY hard to do</sarcasm>, and starts spewing SPAM then Shaw apparently doesn’t have a clue unless people start complaining. The ironic part is that Shaw is one of the few major ISPs that actively employs bandwidth throttling on BitTorrent and yet doesn’t seem to be doing anything about outbound SPAM.
Just take a look at the filtering results when Ben Wong started filtering SPAM based on PTR records from the Shaw network! There is clearly a ton of SPAM originating from the Shaw network. Now, perhaps Shaw is monitoring outbound SMTP traffic from their consumer cable modem network and I just don’t know about it. There are certainly tools available that would allow Shaw to keep invisible tabs on what is exiting their network. Or perhaps they aren’t. If they are, they clearly aren’t doing a very good job of dealing with it!
There are a lot of people who need to share the blame when it comes to the SPAM problem and the ISPs are certainly not the biggest offenders (*cough* Microsoft *cough*). Having said that, I think the ISP community needs to take a more active role in shutting down the SPAM problem. After all, people can’t connect to the Internet without an ISP. If the ISPs are doing their part then the number of computers sending SPAM will be significantly reduced and that will make stopping it a much easier task.
There is no shortage of tools available to the ISPs in order to detect and deal with SPAM that originates on their networks (e.g. Barracuda Spam Firewall-Outbound mode). So why are my mail servers still getting hammered by SPAM that comes from consumer DSL and cable modem IP addresses?
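What proactive monitoring of direct-to-Internet port 25 traffic could look like, as an added example that is not from the original post or from any ISP's tooling. The flow-record format, relay address and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values for this sketch, not taken from any ISP's configuration.
ISP_RELAYS = {"192.0.2.25"}        # the provider's own outbound SMTP relay
WINDOW = timedelta(hours=1)
MAX_CONNECTIONS = 100              # direct port-25 connections per window
MAX_DISTINCT_DESTS = 20            # distinct remote mail servers per window


def find_direct_senders(flows):
    """Return {subscriber_ip: (connections, distinct_dests)} for hosts over a limit.

    flows: iterable of (iso_timestamp, src_ip, dst_ip, dst_port), sorted by time.
    Only direct-to-MX traffic counts: TCP 25 to anything except the ISP relay.
    Port 587 submission and mail handed to the relay are ignored.
    """
    recent = defaultdict(list)     # src_ip -> [(time, dst_ip), ...] inside the window
    flagged = {}
    for ts, src, dst, port in flows:
        if port != 25 or dst in ISP_RELAYS:
            continue
        now = datetime.fromisoformat(ts)
        events = [(t, d) for t, d in recent[src] if now - t < WINDOW]
        events.append((now, dst))
        recent[src] = events
        conns, dests = len(events), len({d for _, d in events})
        if conns > MAX_CONNECTIONS or dests > MAX_DISTINCT_DESTS:
            flagged[src] = max(flagged.get(src, (0, 0)), (conns, dests))
    return flagged


def sample_flows():
    """Constructed flow records (documentation address ranges), not real traffic."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    rows = []
    for i in range(150):   # compromised PC: one connection every 12 s, 50 remote servers
        rows.append((start + timedelta(seconds=12 * i), "198.51.100.7", f"203.0.113.{i % 50 + 1}", 25))
    for i in range(5):     # hobbyist mail server: a handful of deliveries
        rows.append((start + timedelta(minutes=10 * i), "198.51.100.8", f"203.0.113.{200 + i % 3}", 25))
    for i in range(200):   # ordinary customer: ISP relay plus port 587 submission
        rows.append((start + timedelta(seconds=9 * i), "198.51.100.9", "192.0.2.25", 25))
        rows.append((start + timedelta(seconds=9 * i), "198.51.100.9", "203.0.113.250", 587))
    rows.sort()
    return [(t.isoformat(), s, d, p) for t, s, d, p in rows]


if __name__ == "__main__":
    print(find_direct_senders(sample_flows()))
```

Counting distinct destinations as well as raw connections is what separates a small self-hosted mail server from a machine fanning out to many remote mail servers.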
I totally agree with your point of view, but I have to admit that I was annoyed when my ISP (bredbandsbolaget) turned off outgoing SMTP. At that time, I was running my own mailserver, and I was not happy. Anyway, configuring my mailserver to use their server as smarthost wasn’t that difficult, and nowadays I don’t bother running my own server. Of course, this only applies to home broadband users, if you have business customers you probably need to allow them outgoing SMTP, even though it’s not really necessary for them either.
Still, as far as I know, here in Sweden most ISPs still allow outgoing SMTP, but they really shouldn’t. Blocking outgoing SMTP is a really simple solution, that doesn’t require a lot of resources or fancy filtering platforms, just an access-list.
I was purely referring to home based business users. I do believe that business customers should not have to deal with port 25 filtering.
“Yet, a lot of ISPs continue to allow their customers to send email out to the world on TCP port 25 with no restrictions. Huh?”
I won’t use an ISP that wouldn’t allow this. I pay them for a connection, and I expect it to be untampered with. The SMTP servers need locking down, not our access to them. I used to run my own mailserver at home (my ISP, Plusnet not only allows this, but can deliver mail they receive for me to it!), and without being able to connect out to any SMTP server, I wouldn’t have been able to deliver emails.
I note the above commenter changed to Smarthost, but that simply means all the spam is channeled through the smart host – it’s not blocked. The only advantage to this is that it stops any viruses that try to deliver mail themselves (which I suspect is very few).
The problem is not the SMTP servers. The problem is the millions of security-swiss-cheez Windows machines that are spewing out SPAM like there is no tomorrow on port 25. I appreciate that you want to be able to run an SMTP server and have full access to outbound port 25, but you are in the 0.1% minority who requires this.
>> There is clearly a ton of SPAM originating from the Shaw network. <<
I laughed when I saw this. I work as a Linux System Admin for a major Internet hosting company. Very often when I am tracing yet more spam in a customer’s queue I find the source being an IP belonging to Shaw. I had never heard of Shaw until I started tracing spam back to exploited hosts.
For those ISPs that do block port 25, getting around the ISP blocks can be as simple as requesting an exception from the ISP or setting up a NAT rule or another smtpd service listening on an alternate port on the mail server (assumes complicity on the part of the Internet-hosted mail server that will relay your mail).
Whether ISPs should be blocking ports is a big question. But that Shaw is a contributing source of spam on the Internet…there is no doubt.
Shaw has had port 25 blocked for some time. Since at least August 2007 in Calgary. If you are sending Email from Shaw’s network, you have to use an alternate port.
Telus allows using port 1025 for their hosted email.
Shaw prevents email connections from outside their network altogether. You can’t use your Shaw (personal) email except through their web email.
I don’t know when they turned on port 25 blocking, but it’s definitely on at this time.
I’m glad to hear that Shaw is finally getting their act together on the port 25 issue. I’ve been using port 587 via smtp.gmail.com for years so I hadn’t noticed…