
Re: [Asrg] 6. Proposals: MTA MARK vs port 25 filtering?

2003-12-10 15:36:36
On Wed, Dec 10, 2003 at 09:05:18PM +0100, Markus Stumpf wrote:
> On Wed, Dec 10, 2003 at 02:19:43PM -0500, David Maxwell wrote:
> > One question I have about MTAMark - how does its effect differ from the
> > effect of blocking outbound port 25 (other than from authorized MTAs)?
> 
> Blocking ports can only be done in Routers or Firewalls.
> 1) Such rules, especially with a lot of exceptions, are very expensive
>    in terms of CPU cycles. So as e.g. an ISP you don't want to put a port 25

deny *
permit MTA1
permit MTA2

That isn't a very complicated ACL. I believe Cisco IOS will fastpath
that in most cases (turning on some specific options will make it slow
path, of course).

> 2) Lists like that have to be maintained by rather highly skilled personnel.

MTAs don't change very often. Adding MTA3 to the list above shouldn't be
overly challenging (but I understand that you don't want a $5/h tech
making that change).

> 3) You need the hardware/software capable of doing the blocking, so this
>    is also a cost factor.

Compared to the cost of people time to handle spam complaints, it's
probably easy to justify.

> 4) If you are running a small business or a workstation the firewall might
>    be useless, as an attacker that gains admin privileges can also
>    disable the firewall. Accessing the DNS configuration at your ISP will
>    not be as easy.

I was suggesting that the ISP be the org blocking 25. (I dislike network
blocks in general, because they diminish the usefulness of the Internet, but
spam does so even more.) Accessing the router at the ISP will not be as
easy either.

> 5) With MTA MARK I as a receiver know what the intention of the
>    maintainer of the IP space is. With a port 25 block not being there I
>    don't know if it is on purpose or if it is a mistake.

Your comparison is not valid. You can't detect mistakes in the MTAMark
database entries any more than you can detect errors in the ACL.

> 6) If it can be solved with port 25 filtering this would be great. But
>    the technique to do it is there for years. Why is spam still a problem?

I say that people have been unwilling to do it because they didn't
perceive spam to be a serious problem. The recent escalation of spam
traffic might cause them to consider it now.

Of course, both problems suffer from the issue that they are on the
sender side - most people are more concerned about the spam their
network receives than the spam their network sends, and they fail to
perceive the relationship between the two.

David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net --> 
Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville 
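As an added illustration of the ISP-side egress policy discussed in the message above (this is not code from the thread; the MTA addresses and flow records are constructed, and it assumes the permits for the authorized MTAs are evaluated before the catch-all deny), a small checker that applies the policy to flow records and reports which customer hosts would be blocked from sending directly on port 25:

```python
"""Evaluate an outbound port-25 policy over constructed flow records."""
import ipaddress

# Constructed policy (assumed addresses, not from the thread): the hosts
# allowed to originate outbound SMTP; everything else on TCP/25 is denied.
AUTHORIZED_MTAS = [
    ipaddress.ip_network("203.0.113.10/32"),  # "MTA1" (assumed address)
    ipaddress.ip_network("203.0.113.11/32"),  # "MTA2" (assumed address)
]
SMTP_PORT = 25


def decide(src, dst_port):
    """Return "permit" or "deny" for a flow leaving the ISP network.

    Only destination port 25 is policed. The permit entries are matched
    first and the deny is the fallback, i.e. first-match semantics.
    """
    if dst_port != SMTP_PORT:
        return "permit"
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in AUTHORIZED_MTAS):
        return "permit"
    return "deny"


def find_unauthorized_senders(flows):
    """Count denied flows per source address, most active first.

    A customer host repeatedly opening port 25 to the outside while not
    being a listed MTA is exactly what the block is meant to catch.
    """
    counts = {}
    for src, dst_port in flows:
        if decide(src, dst_port) == "deny":
            counts[src] = counts.get(src, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


# Constructed sample flows: (source address, destination port)
SAMPLE_FLOWS = [
    ("203.0.113.10", 25),   # MTA1: legitimate outbound mail
    ("203.0.113.11", 25),   # MTA2: legitimate outbound mail
    ("203.0.113.57", 25),   # customer workstation talking to port 25
    ("203.0.113.57", 25),
    ("203.0.113.57", 25),
    ("203.0.113.58", 443),  # unrelated traffic, not policed
    ("203.0.113.99", 25),   # another direct sender
]

if __name__ == "__main__":
    for src, hits in find_unauthorized_senders(SAMPLE_FLOWS).items():
        print(f"{src}: {hits} denied outbound SMTP attempts")
```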

Asrg mailing list