![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Comcast considers "clever" anti-spam idea
Rolf
user\" at domain.invalid.com>"
Thu May 27 15:55:36 EDT 2004
KronaTech wrote:
> "N. Miller" <tdy at blackhole.aosake.net> wrote in message
> news:MPG.1b1ec4358941f5829896f8 at news.spamcop.net...
>
>>The second place is in the ]>...>[ between Comcast and the MX. That part
>
> of
>
>>the schematic represents a nebulous cloud of copper, fiber, bridges, and
>>routers which mark the TCP/IP path between Comcast and the MX. Comcast can
>>prevent packets sent to port 25 from ever getting into the ]>...>[ route.
>>Those packets can be discarded, or diverted to the Comcast SMTP servers.
>
> If
>
>>no port 25 traffic leaves Comcast, how could you circumvent that? You can
>>add as many intermediary agents, represented schematically as ]>...>[port
>><n>:ISP:port<n>]>...>[ as you wish, but if the packet can't get past the
>>final ]>...>[, it can't reach the [port25:MX] at the end. That is what
>>blocking port 25 ***OUT*** from Comcast will accomplish.
>>
>>Okay, you can circumvent Comcast port 25 blocks by substituting [port
>><n>:AnyOtherISP:port<n>] for [port<n>:Comcast:port<n>]; but the fewer
>
> [port
>
>><n>:AnyOtherISP:port<n>] systems available to the spammers, the easier it
>>becomes to block [port<n>:AnyOtherISP:port<n>] systems at the MX, using
>>DNSBLs. There simply will be fewer such systems to block.
>>
>>Between ISPs blocking packets from leaving their routers to port 25 on
>>remote systems, and applying DNSBLs to IP addresses of ISPs which don't
>>block port 25 traffic out, the pool of spam spewing proxies connecting to
>>port25:MX to deliver spam will be significantly reduced.
>
> What the hell did your teacher do to you, Norm? 8)
I may not have invented the IP protocol and may not know all its details
but his explanation is exactly my own understanding of this matter. I
can not see where in this discussion the obvious impedance mismatch
seems to occur.
Of course can you circumvent port 25 blocking by relaying to some other
proxy/zombie which is on a network not blocking that port but as more
networks would block outgoing port 25, as less spew sources were
available to actually deliver the final message to the end user and as
simpler they are to block through BLs.
Port redirection services as far as they exist and as far as they are
available for free, would most probably take measures fast if they would
get abused as that would put them on the BLs as well.
As such I can't fully understand your emotional pleading how idiotic and
bad this measure would be. In the worst case I think it would be at
least useful for some time and after that it would just get sort of
obsolete but had no adverse effect whatsoever.
According to your reasoning in this matter asking Chinese ISPs to stop
hosting spam sites would be no solution at all as the spammers will find
other ways to make up for that, such as moving to another country or
actually using the more and more wideband pseudo static IPs to host
their spam sites on zombies. And with access to their own DNS servers
even dynamic IPs might not be a very difficult thing to do.
Rolf Kalbermatter
More information about the SpamCop-List
mailing list