[129342] in North American Network Operators' Group


Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Sep 3 08:18:50 2010

From: Owen DeLong <owen@delong.com>
In-Reply-To: <AD651673-8B31-42DC-94FD-6087B59859D8@ianai.net>
Date: Fri, 3 Sep 2010 05:12:01 -0700
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sep 2, 2010, at 8:54 PM, Patrick W. Gilmore wrote:

> On Sep 2, 2010, at 11:48 PM, Owen DeLong wrote:
>
>> We should be seeking to stop damaging the network for ineffective anti spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.
>
> Since at least part of your premise ('ineffective anti-spam measures') has been objectively proven false to fact for many years, I guess we can ignore the rest of your note.
>
Really?  So, since so many ISPs are blocking port 25, there's lots less spam hitting our networks?
That's really news to me... I'm still seeing an ever increasing number of attempts to deliver spam on my mailservers.

I'd say that it has been pretty ineffective.

> Also, just so everyone doesn't think I'm in favor of "damaging" the network, I would much prefer a completely open 'Net.  Who wouldn't?  Since that is not possible, we have to do what we can to damage the network as little as possible.  Port 25 blocking is completely unnoticeable to something on the order of 5-nines worth of users, and the rest should know how to get around it with a minimum of fuss (including things like "ask your provider to unblock" in many cases).
>
Not really true. First, I dispute your 5-nines figure, second, yes, I can usually get around it, but seems each network requires a different workaround. Since, like many of us, I use a lot of transient networks, having to reconfigure for each unique set of brokenness is actually wasting more of my time than the spam this brokenness was alleged to prevent.

I suppose I should just shut up and run an instance of my SMTP daemon on port 80. After all, since IPv4 addresses are so abundant, rather than use port numbers for services, let's use IP addresses and force everything to ports 80 and 443.

Owen


