The North American Network Operators Group (NANOG) conference, a gathering of Internet Service Provider (ISP) engineers and vendors, convenes three times a year for mostly technical conversation along with social networking. The recent NANOG conference in Reston, Virginia saw some unusually direct talk about spam and the ISPs that tolerate it from America Online’s Postmaster, Charles Stiles.
Although the usual tone of presenters is either friendly or blankly academic, Stiles’ tone was more aggressive. His message was short and sweet: ISPs must change their ways or AOL will blacklist their mail servers. Stiles credited ISPs for blocking TCP port 25 among their broadband and dialup userbases, a maneuver that has previously reduced spam output. However, he presented data showing that the majority of spam now comes from ISP mailservers directly. As port 25 access has been blocked, the common worms that send out most spam have altered their tactics and diverted their mail through the ISPs’ own mail servers.
Stiles submitted that ISPs must do more than just block port 25 outbound. Ideas included the use of anti-spam techniques on outgoing (as well as incoming) email, the use of outbound email rate limiting, and, most importantly, the implementation of SMTP Authentication for all ISP users.
Stiles also addressed the issue of Sender Authentication technologies such as SPF and Sender-ID. While noting that AOL supports these technologies, he was quick to point out that they won’t stop spam coming from other ISPs’ mailservers, as most of the worms send their spam with the local ISP’s domain as the from or sender domain. He also noted that AOL will use published SPF records as the basis for their spam whitelist in the very near future and urged the attendees to register such records immediately.
Needless to say, Stiles’ plain talk and hard data were extremely persuasive. ISPs have clearly entered into a new phase of the anti-spam battle where tactics will become more complex and simple measures like Access Control Lists will be insufficient. AOL appears to be quite serious about blacklisting other ISPs who fail to take aggressive enough action against mass emailers. This may result in some partitioning of the Internet mail system in the immediate future if offending mail system operators are slow to act.
Stiles’ presentation is available on-line [PDF].
AOL has been very progressive of all the ISPs for a long time, and a lot of the stuff they are doing is very good. For example, AOL’s postmaster wrote a document on port 25 blocking and it seems that they are widely promoting the idea along with allowing the SUBMIT port (587) instead. Good luck!
I’m opposed, myself, to ISPs blocking port 25 outbound, since many users (myself included) have legitimate reasons to use outside mail servers. In my case, I use an e-mail address in my own domain, hosted on a Web hosting provider, and wish to use both inbound and outbound servers at that provider.
Need to use an outside mail server?
That’s easy to do with SMTP-Authorization running on the SMTP Submission Port, TCP port 587. This can also be accomplished by using SMTP-AUTH with TLS (aka SSL). Other alternatives include SSL and IPSec VPNs. You would be surprised how many folks support at least one of these techniques. If they don’t, find a new hoster!
Closing port 25 to dynamically assigned IP addresses is an important part of the move towards accountability and authentication in email origination.
For now, you can also “smarthost” - use your own ISP’s mailserver to relay out mails with altered message headers. As SPF and Sender-ID are adopted, however, this will stop working, as the difference between phishing and smarthosting is intent rather than technical.