2 posts • joined 26 Aug 2010
Why do consumer broadband providers not do egress filtering, blocking TCP destination port 25? it's a very simple rule. No one but spammers need to run their own mail server out of a dynamically addressed ADSL pool. Legit users can relay through their ISP's mail servers, or use the SMTP submit port to send mail through other servers -- SMTP submit exists precisely for this purpose and presents no risk of non-relayed spam delivery.
Customers who need to run their own servers -- and to be clear this is at most like .0001% of a typical consumer ISP's customers -- can be placed on their own subnet, given static IPs, and not be made subject to egress filtering.
These policies and practices are almost trivial to assemble and would virtually end botnet spam originating from networks on which they're implemented. The ISP's mail servers could still relay spam from infected machines, but these mail servers also represent choke points where spam can be much more effectively filtered. ISP customers could be given the option to opt-in to ISP email accounts, and since lots of folks these days use webmail it's likely that many people wouldn't want or need ISP specific accounts. That would allow ISP mail servers to further restrict the volume of outgoing spam.
So I ask again, why is this not being done? Are PT Telkom Indonesia, PTCL Pakistan, Turk Telekom, Bharti Airtel India, and Vietnam Post and Telecom Corporation (and so many others) too incompetent? Too strapped for cash? Too indifferent? What is it?
Inquiring minds want to know.
That was quick
So the lesson seems to be that if you want Apple to get around to patching a security flaw before the next ice age, set up a web site to use for jailbreaking your, oops, I mean Apple's, precious phone.
Idea: Adobe should start making phones.
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Review Vulture trails claw across Lenovo's touchy N20p Chromebook
- Adobe spies on readers: EVERY DRM page turn leaked to base over SSL
- Analysis The future health of the internet comes down to ONE simple question…