Discussion:
ISP port blocking practice
Jon Auer
2010-09-06 08:42:48 UTC
With all the different webmail systems, it seems unlikely to me (though I definitely wouldn't say impossible) that bots are spamming through your webmail (unless you work for gmail, hotmail, etc. and are an attractive enough target that it made sense to code a bot to automate utilizing your webmail interface).  Bots being used as proxies seems far more likely to me for the general case of "bots" spamming through an ISP's webmail.
Many providers and hosts use the same webmail packages so the work to
automate is a bit lower than one might think.
We have seen bots sending spam using our squirrelmail and roundcube
webmail using credentials gleaned from phishing activity.
Brett Frankenberger
2010-09-06 13:22:05 UTC
Anti-spam is a never ending arms race.
That's really the question at hand here -- whether or not there's any
benefit to continuing the "never ending arms race" game. Some people
think there is. Others question whether anything is really being
accomplished. Certainly we're playing it out like an arms race -- ISPs
block something, spammers find a new way to inject spam, and so on.
The end result is lots of time spent on blocking things, less
functionality for customers ... but no decrease in spam.
Originally, the default config
for most SMTP servers was to relay for anyone. 10 years ago, sending
spam through open SMTP relays was quite common. Eventually, the default
changed, nearly all SMTP relays now restrict access by either client IP
or password authentication, and the spammers adapted to open proxies.
Today, nobody in their right mind sets up an open HTTP proxy, because if
they do, it'll be found and abused by spammers in no time. These too
have mostly been eliminated, so the spammers had to adapt again, this
time to botted end user systems.
Getting rid of the vast majority of open relays and open proxies didn't
solve the spam problem, but there'd be more ways to send spam if those
methods were still generally available. The idea that doing away with
open relays and proxies was ineffective, so we may as well not have done
it and should go back to deploying open relays and open proxies, is silly.
Is it? It's likely true that the amount of spam sent through open
relays today is smaller than the amount of spam sent through open
relays 10 years ago. If the objective is "less spam via open relays",
closing down open relays was a raging success. But that's not the
objective. The objective is less spam, and there's certainly not less
spam today than there was 10 years ago.

Of course, those who worked to close open relays might argue that there
would be even more spam today if there were still open relays. But
they don't know that and there's no real evidence to support that.

The theory behind closing open relays, blocking port 25, etc., seems to
be:
(a) That will make it harder on spammers, and that will reduce spam --
some of the spammers will find other ways to inject spam, but
some will just stop, OR
(b) Eventually, we'll find technical solutions to *all* the ways spam
is injected, and then there will be no more spam.

There's little evidence for either.

-- Brett
