Spam Wars: When Good Geeks Say Bad Things

When the first reaction of the industry's best minds is to spew vitriol on network administrators who are (finally!) taking steps to secure their networks, the challenge facing today's security professionals is as great as ever.
Last week I was reminded once again that even among some of the most highly educated and technically capable people in the world, the fight against unwanted junk email remains fraught with anger and vitriol – often directed at those who are trying to stop it!

My most recent run-in with misdirected rage began with a message recently posted to the popular Interesting People mailing list, run by technology luminary Prof. Dave Farber.

The message, from Farber himself, described his annoyance and anger with his residential broadband provider, Comcast, for making a change to their network that caused him to be unable to send email for a brief period of time.

As it turned out, Comcast had implemented a very common anti-spam technique called "port 25 blocking" which is designed to prevent miscreants from setting up spamming servers on residential Internet connections.

Port 25 is the default SMTP connection port and is the port through which most email software connects to an ISP's sending server. By blocking connections on port 25 from residential connections – other than to the ISP's approved mail relays – an ISP's mail customers are usually unaffected while rogue email senders can't get their mail delivered.

Port 25 blocks also have the added benefit of making it much more difficult for worms to propagate themselves via email, especially when the payload involves spewing more virus-laden email through a mail server surreptitiously installed on the victim's computer.

Unfortunately, like many anti-spam measures, port blocking is not without costs. It's a pretty ham-handed approach, blocking both legitimate and illegitimate mail connections. Indeed, sometimes those most directly harmed are the more sophisticated users who aren't doing anything wrong.
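The policy described above, and the two populations it catches, can be sketched from the ISP's side. This is an added example, not code from the article or from any ISP; the address ranges (RFC 5737 documentation blocks), the relay address, the fan-out threshold and the labels are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration (documentation address ranges, RFC 5737).
RESIDENTIAL = ipaddress.ip_network("198.51.100.0/24")
APPROVED_RELAYS = {ipaddress.ip_address("192.0.2.25")}
FANOUT_THRESHOLD = 5  # distinct blocked destinations before a host is flagged

def allow(src, dst, dport):
    """Egress policy: residential hosts may reach port 25 only on approved relays."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in RESIDENTIAL and dport == 25:
        return dst in APPROVED_RELAYS
    return True  # other ports, including mail submission on 587, are untouched

def triage(flows):
    """Group blocked flows by source and label each source by destination fan-out."""
    blocked = defaultdict(set)
    for src, dst, dport in flows:
        if not allow(src, dst, dport):
            blocked[src].add(dst)
    return {
        src: "likely-bulk-sender" if len(dsts) >= FANOUT_THRESHOLD
        else "single-provider-client"
        for src, dsts in blocked.items()
    }

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = (
    [("198.51.100.10", "192.0.2.25", 25)]         # customer using the ISP relay
    + [("198.51.100.20", "203.0.113.5", 25)] * 3  # power user, third-party mail host
    + [("198.51.100.20", "203.0.113.5", 587)]     # same user after moving to 587
    + [("198.51.100.30", f"203.0.113.{i}", 25)    # direct-to-MX spray from one host
       for i in range(100, 140)]
)

if __name__ == "__main__":
    for src, label in sorted(triage(SAMPLE_FLOWS).items()):
        print(src, label)
```

A host that keeps hitting the block for one outside mail server is the collateral-damage case and a candidate for a support note, while a host fanning out to dozens of servers is the traffic the block exists to stop.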

Farber's complaint on the Interesting People list unleashed a torrent of anger at ISPs like Comcast for blocking port 25 and doing other things that inconvenienced and infuriated power users.

As the moaning on the mailing list shows, the folks who end up as "collateral damage" in the spam wars are the more skilled and demanding users, many of whom may get their broadband connectivity from one vendor but use another ISP for their email or domain hosting.

Ironically, the "cure" for many geeks stymied by port 25 blocking is, naturally, to get geekier: configure your mail application to communicate on the more obscure port 587, use secure IP tunnels, use VPNs, and generally get more creative about circumventing the blocks.

One category of correspondent heard from loud and clear: home hobbyists who are trying to run their own mail servers at home. Port 25 blocks present a pretty huge challenge for those folks. Besides being a violation of most residential broadband service agreements, the only difference between a hobbyist running a home server and a spammer running a home-based spam-cannon is in the morality of the sysop.

Since no one has yet built a spam filter that weighs the darkness of your soul, only a blanket block on home-based mail servers is workable.

Hobbyists who are experimenting with servers at home in violation of usage agreements are difficult for me to get teary-eyed about. But I can sympathize with those who've found their email suddenly not working, only to discover after hours, or even days, of looking for something broken that, as the old saying goes, "it's a feature, not a bug."

I'm not the least bit surprised by the anger expressed on the Interesting People mailing list at Comcast. Being a bit of a geek myself – ok, more than a bit – I hate it when service providers and vendors start pulling blocks out of the teetering Jenga Tower that is my personal technical infrastructure.

It was back in 1998 that Internet policy guru Prof. Lawrence Lessig got his own hard lesson in how anti-spam measures can force decent people to fiddle with their email configurations. In an opinion piece, he decried the fact that his and other universities were being blocked for spam-related problems.

As it turns out, his school was running an open email relay that allowed unauthenticated users to send mail – and spammers were making liberal use of it to deliver their junk.

What offended Lessig was not that spammers were abusing the network, but that anti-spam techniques were making his life more complicated... and then blaming the anti-spam effort.

Maybe I'm just too deeply steeped in anti-spam stuff, but I haven't expected any Internet connection to support port 25 connections in the better part of a decade. Blocking port 25 has been a recommended security and anti-spam practice for at least that long, and anybody who is just now running into port 25 problems is, in my experience, pretty far behind the curve.

My greater concern is that today the simplest anti-spam measures can still create such anger, especially among the community of highly educated and technologically savvy individuals who are the core of the Interesting People mailing list.

If the first reaction of the industry's best and brightest minds is to spew vitriol on network administrators who are (finally!) taking steps to secure their networks, the educational challenge facing today's security professionals is as tremendous as ever.
