Shutting Down the Highway to Internet Hell

By Larry Seltzer  |  Posted 2005-04-08 Print this article Print

Opinion: The time has not only come for ISPs to block port 25 for consumer accounts, it has long since passed. The rewards for this and other ISP management techniques could be large, but ISPs need to be careful about how they do it and tell users

Do you run a mail server on your home Internet account? If you do, its probably without your knowledge, such as in a mail worm or a zombie spambot. Few if any people running these programs intend to do so, and its time for ISPs to close the door through which they operate. I think theres a consensus developing among anti-spam researchers, many of them responsible for fighting spam on ISP networks, that unrestricted use of TCP port 25 must be shut down to the average Internet consumer. There are those who disagree, but their arguments sound obtuse and defeatist rather than actual justifications to not block port 25.

TCP Port 25 is one of the core interfaces of the Internet, through which Internet mail servers typically send mail to each other. Its normal for users to send data out port 25, but they do so to their own ISPs mail server, from which it is forwarded on to the appropriate location. This is the server identified as the outgoing mail server in the mail client configuration.

But if you are infected with a spam zombie—typically, a mail worm with a backdoor used by a spammer to cause your computer to send out massive amounts of spam—the mail does not go through your mail server. It probably goes directly to the server of the target domain for the spam message. The overwhelming majority of users have no need to do this and are perfectly well-served by sending all their mail through the ISP mail servers. Its also worth reiterating that the block need only be put on consumer client systems, not on higher-end services.

Of course there are users who do need access to the port, or who at least want to run their own mail server and dont intend to abuse the privilege. Or they have a need to use a different mail server than the ISPs, perhaps for reasons involving confidentiality. There are ways for ISPs to accommodate these users.

In fact, theres no reason an ISP cant make exceptions for users who want to use port 25 more openly, especially if they agree to rate limits and to configure it securely. The real problem that needs to be solved is the users who dont know they are running a mail server. Such users wont miss not being able to run one.

Alas, this level of customer service may be too much to expect from some ISPs. Hosting servers are also often far too lax in the management of mail on their networks.

Next page: ISPs Fighting Back

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel