
RE: [Asrg] article: port 25 blocking

2005-04-20 03:05:41
....
These (closed) relays (which are not port 25-blocked) are managed by ISPs.

Make sense?

Actually, no, I can't find the message with the exact quote from me you cite
and it's over a week ago so I don't remember exactly what the context was. I
think everything you say is obvious and I don't know what you're clarifying.

BTW, have you looked at CSV?  

Not in a long time.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer(_at_)ziffdavis(_dot_)com 

-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org 
[mailto:asrg-bounces(_at_)ietf(_dot_)org] On Behalf Of
Matthew Elvey
Sent: Wednesday, April 20, 2005 1:15 AM
To: Larry Seltzer
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] article: port 25 blocking

Ok, I think some clarification is in order.

On 4/12/2005 7:02 AM, Larry Seltzer sent forth electrons to convey:
<that random ports should be used, and that if 465/587 became common,
spammers would adapt to using them instead of 25.>

Larry, I think you're a bit confused (assuming my paraphrasing of your
statements is accurate).  465/587 are being suggested as alternatives for 25
because the ONLY way to send spam (or legitimate email) using SMTP is over
port 25.  Let me explain.
Briefly (and with some simplification), this is how systems send mail to an
Internet email address:
1) Look up the IP of the machine that receives mail for the domain. 
2) Open up a TCP connection to that IP ON PORT 25. 
3) Send the message. 
The machines that receive Internet email for domains via SMTP from systems
with which there is no prior relationship do not receive that mail on ports
other than TCP port 25.
There's no way that's going to change in the foreseeable future (i.e.,
flying pigs, or 100% adoption of SPF WITH end-user roll-out, '-all'
records AND SRS are more likely).
Let's assume that there's massive adoption of mail submission via
465/587, and of port 25 blocking. It will still be the case that all
mail sent via 465/587 will then be sent via the 3-step process above, via
port 25.  So the port 25 blocking will remain effective.  It will not be
possible for spammers' zombies to send mail by following the 3-step process
above. Why?  The only machines they will be able to reach via port 25 will
be their/the zombie's ISP's mail servers.  And if they try to send spam via
465/587, they will be sending via machines that are relays, as these will be
the only machines listening on those ports. 
These (closed) relays (which are not port 25-blocked) are managed by ISPs. 

Make sense?

BTW, have you looked at CSV? 


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
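
The egress policy argued for in the thread above, written out as an added example that is not part of either message: outbound port 25 from subscriber hosts is allowed only to the ISP's own relays, 465/587 submission is allowed anywhere, and repeated blocked direct-to-MX attempts flag a probable zombie. The relay range, the flow-record format, the threshold and all addresses are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption (constructed): the ISP's own relays live in this range and are
# the only port-25 destinations a subscriber host is allowed to reach.
ISP_RELAYS = ip_network("192.0.2.0/28")
SUBMISSION_PORTS = {465, 587}

def classify(dst_ip, dst_port):
    """Return the policy verdict for one outbound TCP flow from a subscriber."""
    if dst_port == 25:
        if ip_address(dst_ip) in ISP_RELAYS:
            return "allow-isp-relay"
        # Step 2 of the delivery process (connect to the recipient's MX on
        # port 25) attempted directly from a subscriber host.
        return "block-direct-to-mx"
    if dst_port in SUBMISSION_PORTS:
        return "allow-submission"
    return "allow-other"

def suspected_zombies(flows, threshold=3):
    """Subscribers with at least `threshold` blocked direct-to-MX attempts."""
    blocked = Counter(src for src, dst, port in flows
                      if classify(dst, port) == "block-direct-to-mx")
    return sorted(src for src, count in blocked.items() if count >= threshold)

# Constructed flow records: (subscriber IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.5", 25),      # mail handed to the ISP relay
    ("198.51.100.10", "203.0.113.80", 587),  # submission to a remote relay
    ("198.51.100.23", "203.0.113.1", 25),    # direct-to-MX attempts
    ("198.51.100.23", "203.0.113.2", 25),
    ("198.51.100.23", "203.0.113.3", 25),
    ("198.51.100.23", "203.0.113.80", 465),
    ("198.51.100.42", "203.0.113.9", 25),    # single attempt, below threshold
]

if __name__ == "__main__":
    for src, dst, port in SAMPLE_FLOWS:
        print(src, dst, port, classify(dst, port))
    print("suspected zombies:", suspected_zombies(SAMPLE_FLOWS))
```
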


