
js339

join:2007-03-10
Vancouver, WA
reply to Irish Shark

Re: Why is _incoming_ port 25 blocked?

I stand corrected. Thanks for the link and info, both of you.

I guess I shouldn't be surprised, but I'm rather appalled that front-line customer support staff weren't aware of their company's policy, which would have saved me a whole lot of time, aggravation, and frustration. The attitude that really frosts me is that 99% of the support staff don't need to know what 99% of the customers don't need to know, and ISPs can just start blocking ports and filtering all and sundry willy-nilly when they feel like it, because 99% of the general public doesn't need to access anything but Facebook, Google, and YouTube on a residential internet connection.

My beef with Gmail and kin is that they all tend to have this same 99% attitude. 99% of my emails get through, but there's that 1% that doesn't---sometimes very important messages---get caught in the deep dark void of Google's spam filter, and do not even show up in my spam folder, so I'm completely unaware of them, or else there is a site I cannot access because Gmail silently discards my password recovery mail as spam.

I believe that all spam filtering should be done at SMTP time, and when and if an email is accepted for delivery, it should be delivered: any further filtering should be in full control of the end user. There is no reason to break that expectation.

It's frustrating when Gmail accepts mail on my behalf, and then silently discards it as spam, and I have yet to find a viable alternative.



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by js339:

I stand corrected. Thanks for the link and info, both of you.

I would that I could have offered direct links, but CL wants zip codes, and mine doesn't work for them. So I tried shooting in the dark.

... and ISPs can just start blocking ports and filtering all and sundry willy-nilly when they feel like it ...

Again, in my experience, there is nothing random about port blocking. For the NetBIOS ports, the ISPs are not selling local area networking; and NetBIOS is inherently insecure, and not suited for use on WAN (the public Internet). It is a part of the ISPs' own network security policy to force sharing through specific user applications (most ISPs don't block FTP, that I am aware of).

For SMTP service, most ISPs offer their own, in-house, or sub-contracted email service. But most residential users don't even think about security at all, and some are prone to fall prey to 'bots, which take over their system to spew spam outbound to port 25. When I first started running my own server, I actually counted incoming port 25 connections (at that time still permitted on SBC) from dubious sources. The two largest offenders were SBC (1st in spam, 2nd in customer count) and Comcast (2nd in spam, 1st in customer count). By the end of 2002, each ISP had implemented port 25 policies (Comcast would push a port 25 blocked modem config file to offending customers; SBC just implemented a system-wide block on outbound port 25). By the summer of 2003, both ISPs were in a dead heat for dead last in dubious SMTP connections from compromised customer machines, with Verizon and Road Runner the two top offenders. As a spam mitigation technique, port 25 blocks work.

Aside from some vulnerable Windows networking function on, I believe, port 445, I am not aware of any other widely blocked ports. ISPs are responsible for the security of their networks, and will, even should, implement security policies for the greater good of their customers.

I believe there exists a small, tech-savvy subset of ISP customers capable of responsible access to useful ports, for whom an ISP should offer a different level service, at a reasonable fee. Many ISPs do just that (with the probable caveat that their fees may not be reasonable) by offering static IP address packages.

I believe that all spam filtering should be done at SMTP time, and when and if an email is accepted for delivery ...

It's frustrating when Gmail accepts mail on my behalf, and then silently discards it as spam, and I have yet to find a viable alternative.

I agree, and the viable alternative, if one is willing to tackle the job, is to run one's own mail server. I like that my ISP does offer static IP addresses for a reasonable fee; to include setting rDNS, so the server host name is in my domain.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


MooJohn

join:2005-12-18
Milledgeville, GA
kudos:1
Reviews:
·Windstream

There is another "middle" option: a web hosting package with email. I'm a very happy customer of Fused.com and it would cost you a whopping $15/month for some web hosting space and email, and you have control over every aspect of your email -- perfect if you want to pair it with fetchmail that js339 mentioned to pull it from their server to yours.

You gain a permanent IP for your mail and backup space online even if you never put anything on the web side except a placeholder page. I'm pretty picky when it comes to paying anyone for server space and I've got to say Fused never fails to impress - and that's coming from the grouchiest admin around!
--
John M - Cranky network guy



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by MooJohn:

You gain a permanent IP for your mail and backup space ...

Is that IP address yours alone, or shared with others? I ask because DNSBLs list IP addresses; if one of your IP neighbors is caught in a DNSBL listing, your server will also be.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
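
The shared-IP point in the post above, as an added example that is not part of the original thread: a DNSBL is queried by reversed IP address, so every mail host behind one shared address gets the same answer. The zone `dnsbl.example`, the host names, the addresses and the `fake_resolve` stand-in resolver are all constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True when the zone returns an A record in 127.0.0.0/8 for this address."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:  # NXDOMAIN or a failed lookup: treated here as "not listed"
        return False
    return ipaddress.ip_address(answer) in LOOPBACK

def hosts_affected(hosts, zone, resolve=socket.gethostbyname):
    """Every host name whose address is listed, whichever tenant caused the listing."""
    return sorted(h for h, ip in hosts.items() if is_listed(ip, zone, resolve))

# Constructed sample data: documentation-range addresses and a made-up zone.
ZONE = "dnsbl.example"
HOSTS = {
    "mail.tenant-a.example": "192.0.2.25",   # shared hosting address
    "mail.tenant-b.example": "192.0.2.25",   # same address, different customer
    "mail.static.example": "192.0.2.80",     # dedicated static address
}
FAKE_RECORDS = {"25.2.0.192.dnsbl.example": "127.0.0.2"}  # one listing, for the shared IP

def fake_resolve(name):
    """Offline stand-in for a DNS lookup against the constructed zone."""
    if name not in FAKE_RECORDS:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return FAKE_RECORDS[name]

if __name__ == "__main__":
    for host in hosts_affected(HOSTS, ZONE, fake_resolve):
        print(host, "is on a listed address")
```

Dropping the `resolve` argument makes `is_listed` use the system resolver against whichever real DNSBL zone you pass in.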

js339

join:2007-03-10
Vancouver, WA

For Fused.com, anything less than $100 per month is shared. There are free shared web hosts for that matter, and yes most of them include shared email. That doesn't gain me anything over any other shared email provider.