On Wed, 14 Mar 2007, Tim Trent wrote:

> I picked up the snippet about ISPA making submissions regarding SPAM to 
> Parliament today.  The ISPA press release is fine and factual.  What 
> surprised me was the idea from Trend Micro about blocking port 25 which 
> will allegedly cut spam at a stroke.

And it would, for a while at least.  The academic community has been doing 
this for years, it is not a new idea.  ISPs have always been extremely 
reluctant to do it though.

> This looks to me like the same type pf knee jerk that got us "Corporate TPS"
>  
> Don't get me wrong.  I hate Spam.  But I hate ideas that do not address the
> real problem, too.

It is not a knee-jerk idea, it has been implemented widely and 
successfully for years in the academic community, so it is not a new idea.  
Just one that ISPs have always been extremely reluctant to implement.  In 
the meantime, broadband has come along, and the capacity of compromised 
end-user computers at home to send spam has increased many times over, 
exacerbating the whole problem.

Blocking port 25 is one of a number of steps that could be taken, each 
with their own benefits and downsides.  By getting rid of port 25 access 
to arbitrary mail servers from end-user networks, and mandating use of 
authenticated mail submission services (which operate on another port), 
you force people sending mail to authenticate and 'prove' who they are, 
and maybe have some control over who they claim to send mail from.  This 
means that, if nothing else, you can identify whose account was used for a 
spam run, should it happen that way.  The responsibility for the dealing 
with the emission of spam into the Internet is shifted from some transit 
agent (the ISP) to the organisation who provide the authentication 
service, and so presumably have some real-world tie to the responsible 
user.  This might be an ISP contract, a contract of employment, or 
something else.  But the point is you know whose account is responsible, 
and a responsible organisation can then deal accordingly.

Quoting the article: "But blocking port 25, the way, for example Now! 
Wireless Broadband does simply aggravates users who work form home and 
need to log in to the office's mail server to send mail, or who have 
multiple legitimate mail servers to which they need to go in order to send 
their email correctly."

The office mail server, and 'legitimate mail servers' should be offering a 
secure authenticated interface for email submission (ie, for allowing 
'their own known users' to send email to arbitrary destinations).  That is 
a service provided on a different port, and authentication is (supposedly) 
mandatory.

In your case, Tim, having read your blog article, your Marketing 
Improvement mail server should be configured to listen on the other port, 
and request authentication before mail can be sent through it on that 
port.  And it shouldn't care whether you are "in the office" (ie, on the 
network local to the mail server), or "at home" (ie, somewhere out on the 
internet).  You never need to change your SMTP mail server setting, as you 
can access it from both places, no need to reconfigure as you move around.  

As it happens, many spam engines are already aware of port 25 blocking, 
and some will interrogate mail client software on a compromised computer 
to find out where to send mail, and which username and password to use to 
send it (as users normally store these details in the application, 
contrary to best security practice).  So it isn't a golden bullet, but it 
would help knock the noddy spammers out of the race for a good while.

Yes this really is quite off-topic ...

Jethro.


>  
> 
> 
> Tim Trent - Consultant
> Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
> Personal blog:  <http://timtrent.blogspot.com/>
> http://timtrent.blogspot.com/
> See also  <http://complianceandprivacy.com/> http://complianceandprivacy.com
> 
> email:  <blocked::mailto:[log in to unmask]>
> [log in to unmask]
> Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
> United Kingdom, RG12 1BP <blocked::http://www.marketingimprovement.com/> 
> http://www.marketingimprovement.com
> 
>  
>   
> 
> 
> Important: This message is private and confidential. If you have received
> this message in error, please notify us and remove it from your system. This
> email and any attachment(s) are believed to be virus-free, but it is the
> responsibility of the recipient to make all the necessary virus checks. This
> email and any attachments to it are copyright of Marketing Improvement
> Limited unless otherwise stated. Their copying, transmission, reproduction
> in whole or in part may only be undertaken with the express permission, in
> writing, of Marketing Improvement Limited. Marketing Improvement Limited is
> registered in England No. 4283972. Registered Office: 643 Watford Way,
> London NW7 3JR and its VAT number is GB798 2065 86.
> 
>  
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>      All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
>  Any queries about sending or receiving messages please send to the list owner
>               [log in to unmask]
>   Full help Desk - please email [log in to unmask] describing your needs
>         To receive these emails in HTML format send the command:
>          SET data-protection HTML to [log in to unmask]
>    (all commands go to [log in to unmask] not the list please)
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 
> 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^