How Pervasive is ISP Outbound Email Filtering?
Erris writes "A member of the Baton Rouge LUG noticed that Cox checks the text of outgoing email and rejects mail containing key phrases. I was aware of forced inbox filtering that has caused problems and been abused by other ISPs in China and in the US. I've also read about forced use of ISP SMTP and outbound throttling, but did not know they outbound filtered as well. How prevalent and justified is this practice? Wouldn't it be better to cut off people with infected computers than to censor the internet?"
I use Comcast, and so far this is one thing they have not interfered with, at least in my area.
Pi Ran Out
If my ISP ever did this and it caused me any problems, I would give them three hours to fix it before I switched ISPs.
General rule: ISPs can filter whatever they want by default but must be prepared to stop the filter for any customer ASAP (preferably automatically).
Heck, put it on the router they provide and make it configurable through its web console.
Anybody got any ideas of what phrases are being poof'd by cox?
Beer is proof that God loves us and wants us to be happy.
'cuz if they can't read it, they can't filter it.
O'course, this means that your recipient must have PGP in order to read your message, which can get inconvenient when talking to grandma.
In Xanadu did Kubla Khan
A stately pleasure dome decree
If they did that, it would lower their income and cut into their profits. Filtering outbound email costs less, at least in the short run and that's all the typical MBA is interested in. Their idea is to move to a new company before the long-term damage they've caused becomes evident. (I'm not just wanking, here; I asked an MBA about it once and that's what he told me.)
Good, inexpensive web hosting
An ISP has to be pretty vigilant in policing its own users, or it's liable to get its SMTP servers blacklisted, or even blackholed.
As far as I know, most major email providers will at least pull some Bayesian filtering on their outbounds.
DRM: Terminator crops for your mind!
The poster to that LUG list never claimed it was the content of the message that they were filtering. This is just stupid.
If an ISP doesn't filter their outgoing email to make sure that its own users aren't spamming, they WILL get blocked. I'm on a super-secret anti-spam mailing list which I can't tell you about, and everybody there cheerfully admits to blocking their own users' outgoing spam. It's necessary.
Don't piss off The Angry Economist
Digging further into the Cox situation, the Cox subscriber said:
I tried to send an email. The email only contained text. The text Cox
objected to was "http://my_homebox_IP_number/"
I haven't checked the Cox TOS lately, but don't they prohibit running a home web server like all the other residential internet providers? Hasn't this been the case for essentially the same length of time that the Internet has been a commercial venture?
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
They could do inline virus filtering easier, cheaper, and still not be intrusive. IMHO they are being rude when they could be helpful.
Having to work for a living is the root of all evil.
I will no longer be able to point to my home server on these lists because Cox
rejects such messages as spam. The message given when I try is:
Sending failed:
Could not write file The message content was not accepted.
The server responded: "ID_INTENTIONALLY_REMOVED This message was
undeliverable. This message has been found to be a potential spam message,
and has therefore been blocked. Please visit http://coxagainstspam.cox.net/
for more information.".
Disk full.
The message will stay in the 'outbox' folder until you either fix the problem
(e.g. a broken address) or remove the message from the 'outbox' folder.
The following transport protocol was used:
smtp.east.cox.net
. . .
I could care less that their disk is stuffed and suspect it is misdirection.
This censorship is only a minor inconvenience but the message it sends is
ugly. It says, in so many words, that the internet is for your consumption
not participation. Changing messages to point to my physics page gets around
the immediate problem, but most people do not have such a thing nor should
they be forced to host things on someone else's computers. I'm paying for my
bandwidth, why can't I use it for what I want? Finally, subscribers now know
that every word of every message sent is filtered. Will they filter my IM
conversations next?
You can't talk about Wikipedia's flaws on Wikipedia
what sick emails are you sending, you pervert? (to the author)
ISPs should ask you what services you really need when you sign up for a new account:
"I'm a normal user, let me have what normal users get"
"I'm a power user, please turn on ___, ____, and ___"
"I'm a power user and I really really really know what I'm asking for, please turn on everything."
Then let them change it at any time, either permanently or, if they only need it for awhile, for an hour, a day, or a week.
Once you do that you can hold customers responsible for things like letting bots run loose spamming the planet over an available outgoing port 25.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I also note that Cox's TOS specifically prohibits the hosting of servers:
A more accurate title for this story would be: "User in violation of Cox TOS upset over Cox efforts to enforce TOS."
My advice to said user? Buck up and get business-level service, or find yourself a real hosting service for your mail server.
... is used by ISPs in order to protect their SMTP servers from getting blacklisted on Spamcop, Spamhaus, etc. If these servers get blacklisted, their customers will not be able to effectively send out email. The message will get sent, but the recipient will reject it because the server is blacklisted.
TOP DSLR Cameras Reviews of the top DSLRs
I know I work for a rather large ISP. You are limited to 1k emails a day; anything over that and they cut you off. Then when you call in we tell you to clean your comp. When it's clean we turn you back on. After doing this 3 times you're gone. Now this is on a personal account so it seems reasonable to me. The biggest issue is that the people getting infected are just the sort of people to have their kid look at their computer and then call back and go "it's all taken care of". Then they are turned off a few hours later for the same issue.
For all my years in this industry I have never seen so much prostitution of any technology than I see today from spammers.
In all honesty ISPs should be held accountable for their users!
If we were to place a $ amount on the usage of bandwidth that is being consumed by spammers it will more than likely outweigh the profit they are making a million to one. So why must the honest guy on the street be subjected to the same rules/punishment as the spammer....
I think ISPs should start to pay/mail concept like in the old days where you had to pay for postage stamps to send your mail.
If the spammers want to spam, let them pay!!! Every country's communication authority should also start playing an active part in patrolling what is going on!!!
I can understand and am sympathetic to ISPs who force outbound traffic to go through their servers. I'm not saying I agree with it, but I really do get what they're trying to accomplish. I also understand ISPs having spam filters on their outbounds, and think that's actually a pretty good idea. If you really need to send a virus to someone, then you should be technically competent to encrypt it or otherwise shield it from a scanner.
But never in a million years can I even remotely condone actually scanning the text of emails and rejecting ones an ISP doesn't like. That's just Evil.
Dewey, what part of this looks like authorities should be involved?
Wouldn't it be better to cut off people with infected computers than to censor the internet?
Yeah, that's great until MSFT convinces one of them that Linux is a virus.
But we're prepared to wipe the slate clean, give you a fresh start. And all you have to do is install Windows.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Some antivirus packages also block some outbound email as well. At a previous company I worked for, we had to send out numerous survey invitations. Norton would quietly queue and scan all the outbound data (going to port 25) -- which worked in many cases. Except that it was slow. And there was no way of knowing how much data (if any) was still queued. And if the computer was restarted before Norton finished processing the queue, the data was silently lost (even though an "Accepted for delivery" message was returned to the sending program).
These limitations wouldn't be hit by your normal 1-or-2 emails at a time users. But for the rare legitimate high volume senders, like us, it was a problem. IT wouldn't let us turn off Norton altogether (and rightly so, as we'd seen virii on our network in the past), and there was no way to selectively disable that "feature". Eventually we were forced to make our outbound mail server listen on a different port, so that Norton wouldn't scan/lose the data.
At least with COX you get a notification saying that the message couldn't be sent, with Norton, the messages might just quietly disappear.
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
I would like to first state that I am a Cox cable internet subscriber in the Phoenix area. I also happen to wear the abuse desk hat for Arizona's oldest ISPs.
:)
I can say without question that the amount of spam we get from cox is almost NIL. I constantly see spam coming out of Comscat's network, also Verizon and from time to time Time Warner but RARELY Cox. In fact I can't remember the last spam I received that originated from their network.
I don't mind that my egress SMTP port is blocked forcing me to use a MSA (mine is configured to use SMTP AUTH with TLS, which works nicely). The fact is that Cox has their act together in my opinion. The fact that they are a white hat in the abuse category makes me want to continue doing business with them. I don't think what you're seeing here is intentional censorship. It would actually be irresponsible for Cox not to filter outbound mail traffic, since they are bound to have customers that run malware infected / zombied host computers.
Anyway, I say "good job Cox"
P.S. I work for an ISP that is NOT Cox--which one might think after reading my glowing statements (in fact we compete against Cox)
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I own part of a small ISP and CLEC in the South.
We do not spy on our customers' phone calls or throttle their P2P traffic. We are not considering monitoring their Internet traffic for copyrighted (or any other) data.
Maybe some of the big boys are out there using these draconian tactics, but your average, everyday, garden variety, small ISP is just trying to make a living providing a quality alternative to the behemoths out there.
Please don't lump us in with those guys.
All that said... We *do* filter inbound email traffic for viruses and SPAM. We do block inbound port 25 to our dynamic IPs.
We view these actions as our duty to our customers and to the rest of the Internet to do our small part to help at least slow down the rampant propagation of SPAM on the Internet.
We currently block about 95% of the email that hits our domains - and that number is slowly climbing. Do we occasionally throw out the baby with the bath water? Probably so, but it is rare. I can't even remember the last complaint we have gotten about this, so this tells me that our filters are highly effective.
As for blocking port 25, we do this to guard our address space against our own customers being irresponsible with their PCs and not keeping virus software up to date. Getting our address space blacklisted would affect ALL of our customers.
It is not about getting rich. Hardly so. Email is probably the biggest drain on resources that any ISP faces. If we didn't take these steps, we probably would not be in business.
Everyone wishes we had the less evil Internet of yesteryear back, but it isn't going to happen. The Internet is a cesspool. We have to defend ourselves in the best way we know how.
About ten years ago, it became impossible for me to send e-mails to my girlfriend with the subject line "ILOVEYOU."
The error message from Comcast -- something about rejection -- was pretty classic.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
If they did that, it would lower their income and cut into their profits.
How? There's no competition in cable. Think of all the bandwidth they would save and all the work it would create for local computer stores. There's plenty of profit waiting for everyone in a move like that.
With Godaddy, where I have a domain hosted, if I try to send something that looks like a Paypal/ebay spoof, it gets rejected while sending. (Even if I am sending it to the paypal/ebay spoof reporting addresses.)
This might or might not be a good thing... dunno.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
I've noticed that a number of people I'm in contact with (I run an email list for my band) have email systems that bounce back anything with a link in it, saying it's spam. (For example, the URL for the band's website, stuff like that.) When I pursued it with my girlfriend, she had no idea it was happening, and investigated her system settings and definitely had all spam filter options turned to "off".
Unfortunately, I've started to get accustomed to dealing with this (strip out links & resend individual emails).
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
In the Boston area, comcast fuckers are blocking port 25. So, even though people have legitimate uses for the internet connection they pay for, these companies are taking it on themselves to block standard connection protocols.
/. crowd already knows.
First its port 25, because of spam. Then it will be P2P because of copyright. Then it will be ssh because of terrorism. Then it will be, inspired from the new york story yesterday, filtering web content to prevent false alarms.
Fuckers. Bury your head america.
When people talk about fascist Germany, they focus on the extermination of jews and the holocaust, and while those were horrific acts, they are not what the Nazi party was about. They were the result of the acts of fanatical and arguably insane men who had gained power in the Nazi party, not the Nazi party, per se.
The Nazi party was about power and the exercise of it. It was about bringing pressure on the citizens from all aspects of society to conform to it. It used social structures and industries and laws to bring people under control. It is EXACTLY what is happening in america today. Its all the little things slowly picking away at the big things, until the big things crumble. Freedom of speech? Nope, now we have "free speech zones," where no one will hear you. I could go on, but the
Just like the Reichstag fire in 1933, the world trade center in 2001 gave the neocons the ability to enact limits on freedom. After that, industries which were once regulated in order to protect the citizens are now deregulated and destroying citizens who do not conform, RIAA, MPIAA, walmart, etc.
ISP censorship is just one more piece of it. The internet is becoming the primary conduit of communication and fascist america must have its citizens controlled, just like Nazi Germany needed its citizens controlled.
All this isn't a conspiracy theory either. No conspiracy theory need exist. Our government (of the people, by the people, bla bla) is supposed to protect us. If it stops protecting us from big companies, those companies will naturally do the work for their own gain.
Now everyone in the USA is afraid. Some of terrorists, some of losing health care, some of losing their job, their house, whatever. Fear, as the Nazis will tell you, is a powerful tool to harness.
Welcome to neocon america where companies sue their customers because they can. Companies dictate what you can do with your property, because they can, and if you do anything about it or protest, you can lose your job which means your house and health care.
Sorry for the rant, but I can't be the only one who sees this whole thing in this way
Comcast around my area actively scans and filters outbound mail.
I send you this file to have your advice?
I worked for a mid-sized business ISP HQ'd in Des Moines and headed up the abuse dept for a short while. We had clients all across the country for whom we sold spam/virus filtering and firewall services to. We never filtered any outbound e-mail whatsoever unless the client specifically requested it and then paid for the extra service of running their outbound e-mail through postini. All incoming e-mail was run through postini whether or not a client requested it. We offered outbound mail services free of charge to all clients (though we didn't make that a known fact) via a basically open smtp servers (access restricted to our ip ranges).
I can't tell you the nightmare it is being in the abuse department for an ISP that doesn't have SOME sort of e-mail filtering mechanism in place, or a policy in place to punish clients who let viruses run rampant on their own networks. Every day I would have to sift through 10 - 100 abuse complaints and even if I could verify that the spam did indeed originate from the client's network there was nothing I could do aside from e-mail their network admin a head's up.
Eventually it got to the point where I was receiving so many complaints about certain clients that I started threatening temporary disconnections (I had no authorization to do so). That worked up until someone who'd been a client for a lot longer than I'd worked there CC'd my boss on his reply. I was told to let the spam fly no matter what, and if I ran into any similar problems in the future to let him know instead. So I did, I sent him e-mails of the same violators and copies of the abuse complaints nearly every day, but nothing ever happened. I have a feeling he just set up an outlook rule to dump them in the trash.
It would be an extraordinary stress-reducer on the ISP side if there was some kind of automated outbound filtering in place for clients. It sucks to censor free-speech but when you can't speak because some moron is spamming the shit out of the entire internet then which is worse?
You're nothing; like me.
I am glad to see that Cox is motivated to make a big effort to avoid being a medium for spam. But I do think they are doing this wrong. The article suggests a right to use their bandwidth any way they see fit. That is not true. They do not have the right to abuse others or other criminal actions. While I applaud an effort to stop those abuses, I think Cox is doing this wrong when it impacts non-abusive non-criminal uses of the internet. This also shows rather clearly that content-based filter is not the right way. I believe it never has been, and never will be. Blocking of the egress SMTP port is, IMHO, a good default. But it should be openable by anyone who calls in and can say the right buzzwords (like "SMTP" and "port 25"). Virtually all zombie spam is from people that don't know those words and do run "the default OS". Cox needs to fix this. What next? Filtering music downloads, a great many of which are perfectly legal?
now we need to go OSS in diesel cars
Cox does have business level cable and I've been quite happy with it. Used to use Speakeasy DSL but got spooked when Best Buy purchased them and switched to Cox. Thus far (little over a year) it has been great. I run 3 servers which do a moderate amount of traffic (maybe 50-100GB up a month) and have heard not a peep out of them. No ports are blocked that I can see, the servers run HTTP, HTTPS, SSH, IMAPS and SMTP between the group of them and it all works fine. They even have an SLA such that in extended downtimes you get monetary credit.
The difference, of course, is that I pay a good bit more. I'm not sure what a consumer level cable connection costs for 10mb/1mb but my understanding is it is somewhere in the range of $50/month. I pay more like $150/month for the business grade with 8 static IPs (the IPs do add a good portion of that).
However I'm ok with that. My usage is much in excess of what you'd get from a normal consumer, I'm ok with the fact that I have to pay for that. It's still not a bad price all things considered.
If you want the cheap consumer connections, then you need to deal with the consumer restrictions which usually include "no servers". It isn't as though they are being assholes and saying "No you can't ever do this," they are just saying "If you want to do this, you need a more pricey service."
... my inability to order lunch meat, specifically Spam(tm) using e-mail.
Have gnu, will travel.
I mean, c'mon, about ten years ago, subject line of "ILOVEYOU"...
What? You don't remember? Okay then, GIT OF MA LAWN!
Or server-like functionality?
So, what exactly, defines a server? When you think about it, there's just traffic between two points. From a semantic perspective, posting to /. could be seen as "serving" text to a remote computer...
But, I think this kind of highlights the apparent Cox conceptual model of the internet:
The optimist in me hopes I'm wrong on some of the above points, but the pessimist knows to suspect the worst.
The society for a thought-free internet welcomes you.
I'm on one of their "faster" dynamic IP residential plans and I can only send mail from my mail server by smtp authenticating against a valid earthlink account. Otherwise, I get an smtp time out message in postfix no matter what.
Earthlink cannot provide me with a static IP which is easy enough to blame on the telco.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I just use GMail over SSL by changing my bookmark from:
http://mail.google.com/
to:
https://mail.google.com/
Problem solved!
Things you think are in the Constitution, but are not.
I found out my e-mails were sent to /dev/null and never returned or anything. It was because of http://antfarm.ma.cx/ ... This happened a few months ago, last year.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
About two months ago, I was attempting to send a song sample to someone from an AOL account - the full song is to be used by a professional DJ, and the clip was being used to properly identify the song, as there are dozens of artists and versions. I didn't send the whole song, just the first 20 seconds or so. AOL refused to deliver the email with the MP3 attachment. I just repeated the experiment, and it went through. I guess they decided that blocking all MP3 attachments isn't a great thing to do.
According to the NANOG list (North American Network operators Group), Comcast has been discarding emails that include a link created using EasyURL, one of many services designed to provide shortened URLs for email links. This could be an anti-spam policy, as URL forwarding through these services is sometimes used by phishing scams to obscure the link's true destination.
Sorry to burst everyone's bubble, but you all know that filtering outgoing mail is a default behavior of SpamAssassin, right?
The answer I have to that is "9/11 Changed Everything".
Seriously -- when the US government asked the telcos to commit surveillance crimes against the US citizens, only Qwest refused. Usually, breaking the law is a bad thing, but the US government was offering lots of money to the telcos, and presumably the promise not to prosecute. So the only company that got in trouble was the one following the law. And somehow the Qwest CEO that refused the deal ended up in jail. Meanwhile Dick Cheney is desperately trying to get immunity for the cooperating telcos for their crimes. See how that works?
So on the surface of things scanning and filtering our email might seem to be a bad business move. But if the same US Government that got illegal telephone surveillance of US Citizens is also going for illegal surveillance of our emails, email filtering starts to make much more business sense.
It used to be that the idea of the US government secretly finding out what was in your emails was in the tin-foil hat realm. But the illegal surveillance of telephone calls would have been as well, along with secretly torturing people in secret overseas prisons. As well as "constitution-free" zones such as Gitmo that are paid for by US taxpayer dollars.
So if you have a government that scans your telephone calls, email, and web-surfing habits, you get very close to a goal of "total information awareness", which was one of the government's programs that was renamed and shuffled around after the public got very upset.
Cialis tibi verpam redit.
disfunctio does not exist, nor does erectilis; although erecta and flaccida would give you what you expect (the common words for "penis" are usually feminine), I do not think that it was ever used with respect to that part of the anatomy. However, I do know the word which is closer in sense to "hard-on" but would probably be used in spam, and I have used that word above.
How is that supposed to stop spam ending up in the user's mailbox, exactly? If the user has a server running on port 25 to receive those messages, then clearly he understands the concept of spam and would presumably have weighed the pros and cons of any such configuration for himself. It seems pretty overbearing that you would presume to protect the user from himself in this fashion.
If you're blocking this particular type of traffic for price/performance reasons, then be upfront about it (although in my naive understanding, I can't imagine that the number of users running their own SMTP servers and yet totally failing to reject spam is so great that the resulting inbound traffic would pose a serious threat to your capacity). Claiming that you're blocking inbound TCP port 25 to protect the users from spam, though -- that just seems disingenuous.
As for filtering incoming spam to users' mailboxes on your own SMTP servers: yeah, you'd pretty much have to be insane not to. There's not much else you can do but to make your best effort at tuning the filters as well as possible to prevent false positives, and then hope for the best...
If what was blocked was a URL that contained his home IP address, then yes, that sounds more than reasonable to me. Hell, it makes sense for ISPs to not only block outbound email that contains a link to IP addresses in their own DSL ranges but also to IP addresses listed as dynamic by various RBLs - as a mail admin at a University, who sees all kinds of problems caused by crap coming out of ISP mail relays, I applaud this effort. Maybe they should start looking at using a few URIBLs to filter outbound mail too, as that would catch things that have been picked up elsewhere as being spamvertised. That might upset a few of their users with links in their signatures to the pyramid-marketing fruitjuice or e-marketing scheme they're trying to sucker people into, but that's not a big deal IMO (every couple of months I get an external sender complaining that we've blocked their mail for what turns out to be just such a URL - we've got thousands of rejections per day that are at least in part due to URIBLs, and that's almost exclusively the kind of "false-positive" I get from URIBLs. I've had the occasional "real business" with polluted lists, but for the most part they're effective and painless. Makes it hard to discuss spam or viruses with the raw URLs though, which I assume is part of why [whatever]CERT munges URLs in its notifications)
I don't consider this censorship - I consider it risk-minimisation. Almost all email that contains a numeric URL is likely to be spam, but probably not all of it - so it makes sense, to me, to block outbound mail that contains either one of your organisation's DSL IP addresses or the ISP-assigned PTR for that IP address. There are lots of dynamic DNS providers out there, so why not use one of them?
Anyway, in this day and age anyone sending mail with an IP address in a URL needs their head examined - unless they know for a FACT that it will get through to their intended recipient, and they have VERY good reasons to do so. There are lots of different filtering systems out there, and some of them do things that you or I might consider odd or inappropriate. Maybe some organisation's mail system has a spam quarantine system, and messages with numeric URLs go there - along with every other one of the several thousand pieces of junk some users get per week. Who has time to check that? As a result, real messages WILL get lost amongst the garbage. Same deal with local filtering.
At least with a good, honest block (at either your ISP's end, or the recipient's), you *know* there's a problem and can do something about it. Quarantining, routing to /dev/null (which is close enough in practice to what happens in practice for quarantined messages for heavily spammed users), local filtering at the desktop and the like can all result in a recipient never seeing a message and the sender not knowing that it wasn't seen. This is *NOT* your Grandpa's Internet - it's a terrific example of the Tragedy of the Commons, where the spammers and scammers and fuckwits have ruined things for everybody. We can whine about the unfairness of these kinds of measures and their effects, much as we might whine about the unfairness of driving tests or three-day waits to purchase handguns or the limits to the quantity of pseudoephedrine we can purchase over the counter, or we can look at the reasons why such measures might be appropriate and try to find ways to ensure we can work within the limits that are there. You want to drive, spend time at the pistol range or treat your hayfever? Fine, you can do that, but there are some things you need to do to ensure others are protected from arsehats. You want to send mail? Fine, you can do that, but again there may be some things you need to take into account that protect you and others from arsehats too.
I use an alternate-port SMTP service: my mail doesn't go through my ISP's server. That was after my outgoing mail got blocked and their customer service (I use the term loosely) people couldn't tell me why. I was just told that the problem should "correct itself" in a week or so. Well, it eventually did but by then I'd taken steps to never be in that position again. Now I just poll their mailbox for the occasional notification but I haven't sent a message through my ISP's SMTP server in years.
The higher the technology, the sharper that two-edged sword.
My ISP, Metrocast in Maine and NH, not only forces outgoing port 25 through their mail server, if they decide what you are sending is spam, they delete it without telling you. How about them apples? I asked them if they were going to tell the rest of the class what they were doing, and their response was that they had "too many customers to send notifications" and "that would make the problem worse". Good thing I have my own mail server and can change the port on it for me and my clients.
In this day and age, with most busy mailservers fending off about 60% of their load as Mass Spam storms, it is almost negligent to allow all of your customers unlimited access to smtp to any destination. Yes, there will always be outcry about 'censorship' and 'big brother'. It's a shame it's not the same crowd that shouts about the torrent of Spam and viruses that comes from high bandwidth, unaware mom & dad users (and us techies too - I can't remember the last Open Relay I saw configured by a mom & dad!) Incidentally, scanning for and removing http://ip.ip.ip.ip/ links from Email is a pretty good way of detecting and blocking the outbound phishing attempts that each year result in millions of dollars being drained from the bank accounts of the uninitiated. Censorship is designed to prevent a particular content, subject or message from being propagated. I'm pretty sure you can re-write an Email in such a way as it does not get blocked. I'm pretty sure that if you want to run an SMTP server, you can get permission. If however, you happen to be a virus, you're hopefully s**t out of luck.
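The outbound check discussed in the comments above (rejecting mail that links to an address in the ISP's own dynamic ranges or to its ISP-assigned PTR name, noting other numeric URLs, and telling the sender why instead of dropping silently), as an added example that is not any poster's code or any ISP's actual filter. The address pools, the PTR naming scheme and the sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumed values: documentation ranges standing in for an ISP's dynamic
# customer pools, and a made-up PTR naming scheme for those pools.
DYNAMIC_POOLS = [ipaddress.ip_network(n)
                 for n in ("198.51.100.0/24", "203.0.113.0/25")]
PTR_PATTERN = re.compile(r"^ip-\d+-\d+-\d+-\d+\.dyn\.example\.net$", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def text_parts(msg):
    """Yield the decoded text of every text/* part of a parsed message."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")


def url_hosts(text):
    """Yield (url, host) for each http(s) URL in the text."""
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop sentence punctuation
        try:
            host = urlsplit(url).hostname
        except ValueError:  # e.g. malformed IPv6 literal
            continue
        if host:
            yield url, host


def classify_host(host):
    """Return 'dynamic-ip', 'dynamic-ptr', 'numeric-ip' or None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "dynamic-ptr" if PTR_PATTERN.match(host) else None
    if any(addr in net for net in DYNAMIC_POOLS):
        return "dynamic-ip"
    return "numeric-ip"


def check_outbound(raw_message, reject_plain_numeric=False):
    """Return (accepted, smtp_reply, findings) for one outbound message.

    Links into the dynamic pools always block; other numeric URLs are only
    recorded unless reject_plain_numeric is set. The reply names the URL so
    the sender can see what triggered the block and fix it.
    """
    findings = []
    for text in text_parts(message_from_string(raw_message)):
        for url, host in url_hosts(text):
            kind = classify_host(host)
            if kind:
                findings.append((kind, url))
    blocking = [f for f in findings
                if f[0] != "numeric-ip" or reject_plain_numeric]
    if blocking:
        kind, url = blocking[0]
        return False, f"550 5.7.1 Message rejected: link to {kind} host in {url}", findings
    return True, "250 2.0.0 OK", findings


# Constructed sample messages (not captured traffic).
HEADERS = "From: user@example.net\nTo: list@example.org\nSubject: my page\n\n"
SAMPLE_DYNAMIC_IP = HEADERS + "My page is at http://198.51.100.23/physics/ if you want a look.\n"
SAMPLE_DYNAMIC_PTR = HEADERS + "See http://ip-203-0-113-7.dyn.example.net:8080/ for the logs.\n"
SAMPLE_OTHER = HEADERS + "Docs are at http://192.0.2.10/manual and https://www.example.org/.\n"

if __name__ == "__main__":
    for sample in (SAMPLE_DYNAMIC_IP, SAMPLE_DYNAMIC_PTR, SAMPLE_OTHER):
        print(check_outbound(sample)[:2])
```
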
The reason we block outbound 25 from dynamic networks that we own is that if we do not, we will inevitably become flooded with complaints about SPAM coming from our network. We know this from experience.
These complaints cannot be ignored. Some folks have a very itchy trigger finger when it comes to submitting you to a RBL list. This is no fun for us or our customers.
It does not matter how "prevalent and justified" the practice is! The fact is that unless there is a specific agreement on the part of users not to send certain content, then blocking their emails based on content is ILLEGAL!
What is wrong with everybody, that they seem to assume that since a corporation is doing it, it must be legal? If your next-door neighbor did this, you would be pissed off and maybe have grounds for a lawsuit! Why should your ISP be any different?
Note here that we are NOT referring to blocking SPAM based on volume, which is justifiably classed as abuse of the email servers. Rather, this is about trying to determine if the email is offensive (or SPAM) by examining its content. Not only is that impossible to do reliably, it is exactly equivalent to someone reading your paper mail to see if it is "worthy" of sending. Would you let any paper mail service, public or private, do that to you? Of course not. Not just no but HELL NO!
Let's make this debate about what it really should be about: corporate censorship in pursuit of profit.
There was a recent article that showed that the performance of anti-virus s/w has got worse over the past year or two. People who think that Windows can be secured are in denial! The basic problem is that it is difficult to run as a limited user. Quickbooks requires administrator rights, I recently came across video capture and editing s/w that requires admin rights (despite Studio running on the same machine perfectly well for limited users). I am sure there are other programs. Yes, I know about "run as", but my claim is that it is difficult.
The real "Libtards" are the Libertarians!
My IS fil ers my o -bound pac ets to many we ites. Ju t make it har er to re d wh t I wri e. I'm a re ly a go d spell er trust me.
Anyone who has set up a LINUX mail server or proxy server or firewall knows:
1. ALL MAIL IS FILTERED. The mail server has multiple configuration files to determine what mail to capture, what mail to relay, etc. The from/to addresses of mail are always read and filtered when it passes through a mail server/relay.
2. Some mail is always blocked (mail from your mail server domain that originated elsewhere).
3. Mail without a legitimate return address should be blocked.
There haven't been any legitimate open mail relays in almost 10 years. SPAM fixed that.
First of all, I hope your spam filter doesn't just delete mails but rather flags them as spam in some way.
Second, should we assume you meant outbound port 25? Because blocking inbound port 25 doesn't really seem very useful and all ISPs I've worked with have either blocked outbound traffic on port 25 (and supplied users with an SMTP relay server) or been extremely anal about any abuse reports.
Speaking of personal experience of handling abuse tickets for an ISP, there's nothing like having to call up an angry customer who just got shut down due to having a zombie box and trying to explain that we will under no circumstances turn his connection back on until he's sent us a copy of a receipt from a reputable computer repair shop indicating that they've cleaned out his computer (since his connection has already been shut down twice prior due to abuse reports), and then they always demand monetary compensation because clearly we have no right to shut them down "without warning" (apparently not reading your (regular) mail is the same thing as no one sending you any).
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Perhaps. But the really annoying thing is that many ISPs will just bounce such an email, with a generic, uninformative message "could not send" or the like, leaving the user with no fucking clue as to the problem. Or worse, just silently dropping the message, leaving you to find out days later that your email did not get through.
Are you retarded? "spammers" aren't using their home Internet connection to spam the web. They are using own3d servers, botnets, or commercial servers in untouchable regions (Russia, China, etc). It's possible that the (pc spamming from the) connection was part of a botnet.. but in that case the owner of the PC would be an unwilling participant, not someone who would actively lie to the security department at their ISP.
I wonder how many here are familiar with Soupy Sales.
Falcon
Should there be a Law?
Cox actively inspects and drops all IAX and SIP traffic as well, I ran a small phone service for a few friends in Las Vegas using IAX/SIP and asterisk.
This service worked great for my friends on Embarq's DSL service, however, after a week or two, all of my friends with Cox could not connect to my asterisk server anymore. I did not see any traffic coming from them at all. If they unplugged their adapters for a week or so, then they could suddenly connect, for a day or two maybe, then they would be off again.
Repeated calls to Cox revealed nothing, their tech support people deny blocking anything, obviously a line they are told to repeat. But they are actively denying access to alternative VoIP services since they launched their own.
...than ISPs who block known troublesome ports with a mechanism in place to allow users who have a need to unblock those ports for their access. As one of the parent posters pointed out, a vast majority of the people who use consumer ISPs like Comcast or Cox don't have a need for unfettered access to making SMTP connections outside of the ISP's network. Those who do have a need can contact customer support or go through a customer service control panel for their account and remove the block. If you think for one moment that there will ever be a time when clueless users are going to get off the Internet simply out of the goodness of their hearts, you need a reality check - the clueless ones have money, and therefore companies who are in the business of taking money in exchange for Internet service will continue to take their money. If you don't think things like blocking known troublesome ports is an effective way to reduce the potential for the spread of viruses, worms and other malware with a minimum of impact to the vast majority of users, then you need to spend more time reading up on network security principles and less time whining on /.
And don't tell me you already know "blah blah blah" about network security principles. If you did, you wouldn't be making the kind of statements that imply that you are "entitled".
-- daecabhir (this mind intentionally left blank)
Umm, no...
Last time I checked, your ISP has to allow port 25 outbound to arbitrary locations (i.e., outside the ISP's network), in order to run an SMTP server (on the Internet at large).
Cox blocks port 25 beyond the ISP's network.
You might be able to set up an SMTP server somewhere else (where port 25 out is allowed), and then send it messages from home (encrypted, most likely) using another port.
Without port 25, though, those messages are going nowhere fast!
The first is that some mail systems - and some mail clients - don't adequately display rejection data that's been passed back to them when the message was refused. Hotmail immediately springs to mind - the rejection data is buried in an attachment that most users won't know to open for diagnostic info, and many users have been actively educated to not open attachments. Gmail does this better - rejection data is displayed in a more usable manner. Sometimes rejection data is adequately displayed in Outlook, sometimes it's not. The info could be available to the mail system that creates the non-delivery notification, but for various reasons it might not be visible to the sender of the problem message.
The second is that sometimes the organisation that blocked the message is providing info that's too brief and too cryptic. EVERY rejection my mail system issues contains reasons for the block and an invitation to contact postmaster at my work domain (which is completely unfiltered, apart from virus scanning...). There is no reason, apart from laziness or incompetence, for other mail systems to just say "550 Blocked, Nyah-Nyah!" and leave it at that.
That's just plain evil. I don't drop anything, ever. I'd go so far as to say that only the lazy or incompetent, or a few who have no other choice as a result of the laziness/cheapness/incompetence of those they work for, do that. However, there are things that can look like messages being dropped, but in fact are not. Anything where a whole lot of suspected crap goes over somewhere where the recipient is expected to check it can look like messages are being dropped - whether it's a server-side separate quarantine, or a "Suspected Spam" folder that's filled by either the server or the user's own mail client. Who the hell reads through all that crap? That's actually one of the reasons why I have rejection messages that are as informative as I can make them - at one time we rejected very little and relied on SpamAssassin scoring at the desktop to shift suspected spam, but that's no good when you have high-scoring-but-legitimate webmail coming from Chinese universities in a folder full of Penis Patch spam. Lots of noise, very little signal, and wanted stuff just got lost. It's far more productive for a couple of senders to get bounces and for me to either help the sender send messages that won't bounce or re-think my filters than for potentially hundreds or thousands of messages to go "missing" because my users are too damn lazy to adequately check their junk before deleting it.
All of which makes it important that senders do everything they can to avoid tripping various tests. Just as you wouldn't send important personal correspondence in an envelope that made the message look like it was from Readers Digest, you should avoid sending email that might look in any way like it's not going to be wanted. Some of us mail admins will do everything we can to help out people who can't communicate with our users, others won't give a flying fsck and won't even tell you that stuff is being lost, but you can avoid the problem altogether by thinking carefully about what and how you send. I agree you shouldn't have to, but that's the way things are. No wonder a lot of people (especially younger users) are abandoning email and are moving to that new-fangled IM stuff and some of the social networking sites for keeping up with friends - in some ways, email is just getting too damn hard and too much to think about.
I've been having the outbound email filtering/censoring for several months now. Can't seem to figure out exactly what they are looking for. Something as simple as my local weather report I sent to a friend was blocked. A news article from my local newspaper was blocked. Their solution is to forward the email to their automatic spam filtering system. Apparently, if enough people complain about the same thing, their system will learn to not block it. Personally, I'm peeved over the whole thing. I pay for my internet service which includes email service. I didn't sign up to have them decide what I should and shouldn't be able to send to my friends and family.
So, I'm sorry for having wasted everyone's time. My tin foil hat is a bit tight these days.
The twitter monologues. Click on my homepage and be amazed.
Cox is still overriding irc.mzima.net on my cable modem to point to some weird script. I still have to use its IP to get on it.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
That's great how you're so impressed with Cox, and that going with Cox has worked out so well for you. I tried Cox myself for a little while in Virginia, but it just wasn't doing it for me. But if you like Cox, then who am I to argue?
P.S. Please make sure you ALWAYS express your love for Cox using the written, rather than spoken, word. I'll explain later.
Charter.net (cable) does this on both their residential and commercial accounts. I'll often try to send an abuse report on a recently (within 5 minutes) received spam and have it rejected by charter's outgoing filter. "Alert An error occurred while sending mail. The mail server responded: Message identified as SPAM - Please visit http://www.charter.com/postmaster. Please check the message and try again." Their filters are too stupid to recognize spam being reported, even when the only recipient is abuse@somedomain.
I've used Cox for years but never trusted their MTA. The fact that they block outbound port 25 in an attempt to force use of their SMTP server is all the more reason I did not trust their MTA before, and now that suspicion has been validated.
The solution is very easy. Cox does not block SMTPS (SMTP-SSL), which I've been using for years to avoid their bullshit. I happen to have a box in a colo with an SSL-enabled SMTP server which I send all my mail through. Gmail supports SMTPS as well, and they do allow relaying as you must authenticate first, and they even allow spoofing the From: field after you have proven that is a valid address you own.
So, in short, just another bit of evidence that ISPs are nothing more than a data conduit these days, and they perform poorly even at that. The days of shell accounts, good Usenet access, etc are long gone.
Well, seeing as a majority of spam can be content-filtered, an outbound spam filter that checks content makes perfect sense. The issue is, of course, what values does your ISP hold true, and how ethical are they in preventing spam, vice filtering "questionable content"... If their goal is truly in spam prevention, this type of filtering will hopefully keep grandma and grandpa in blissful ignorance, and will let them go about their daily business without interruption to their service...
Of course, many of us who read Slashdot believe that ignorance is no excuse, and that grandma and grandpa should be taken off the internet until they learn how to take care of a computer... Unfortunately, the market for internet, and the knowledge of the average user is actually very skewed compared to the Slashdot audience. They are also the majority of people online.
Disconnecting customers is throwing money away. Offering free virus removal by trained ISP staff is prohibitively expensive and time consuming, with little Return on Investment. Letting the e-mail through puts the burden on ISPs after the traffic is delivered across major trunks. Filtering actually keeps grandma and grandpa online, while reducing traffic from spam. It makes it a safer and cleaner place for everyone, and it will actually prevent Grandma from sending you a virus, because of her ignorance...
This does of course assume that your ISP is a moral and ethical entity. Your mileage may vary with this type of filtering...
While I'm not happy with most anti-virus s/w myself (and use it only when I actually suspect an infection), there are two things that have worked well for me in the last 10 years:
;-)
1) Don't use Microsoft's browsing and e-mail software. It has a horrible track record in terms of security. To be fair, they seem to have improved in the last years - Outlook for instance is no longer executing VB macros when an email merely shows up in the preview
But I still prefer third party software for accessing the internet (Sea Monkey, the former "big" Mozilla suite).
2) Use a router with NAT instead of a modem, and don't forget to set a password for the router. That way, your computer is half-hidden by the NAT mechanism, and incoming hacking attempts will hopefully fail at the router that lacks the vulnerability the hacker tries to exploit in your Windows machine.
C - the footgun of programming languages
You'd need a generally accepted micropayment system first, but I could imagine signing up for an email system that takes 5 cents/email from the sender. That should be sufficient to pay for the operating costs.
;-)
Currently, I'm on a freemailer who spams his customers to pay the bills with the advertising revenue. Getting rid of that would be worth an euro or two per month for me.
Also, the effects on spambot networks and insecure operating systems would be interesting to say the least
C - the footgun of programming languages
This is the 'other' kind of ISP, the one that hosts my websites.
Someone was trying to use one of my 'contact us' forms to send spam, and my ISP caught their spam as it went out and then notified me. I can't imagine better service, in this specific case.
NOTE: This spammer should be an XKCD special; it took them MONTHS to figure out that my URL for generating the email was a POST URL, not a GET URL. Then it took them months, again, to figure out which fields were required. Minimal intervention has stymied them -- I expect them to figure it out about March, so I'll have to do something Clever(TM). Oh yeah, did I mention that in no place on the form is there a place to put an outgoing email? You can only choose from eight different (specific) people for the email to go to. This is truly a Wile E. Coyote Super Genius spammer. Oh well, keeping them busy figuring out my website is keeping them from learning how to do actual harm...
Set up Postfix on a server/VPS/whatever somewhere. Enable SSMTP (port 465), and if you want to be real careful, run it on a different port. Reconfigure your mail client to use the server as a relay. If your mail client doesn't support SSMTP or alternate ports, run a local Postfix with which your mail client communicates, and configure the local Postfix to relay to your offsite server.
Liberty in your lifetime
I work for an email provider that supplies email services to ISPs (as well as loads of SMBs directly). Most of them block port 25 and force the customers to relay mail through our SMTPauth servers for outbound mail, alternatively they can of course access web mail to send.
This does an AMAZING job of limiting spam from these ISPs, but it's not perfect, we still filter outbound mail using standard tools and have rules in place limiting the volume of mail customers may send per hour. That limit is really high for home users and we silently bump-up those limits when customers send loads of legit email, but hitting the limits with legit email is rare. We also restrict users from sending as anyone but themselves, with send-as restrictions.
Customers who need exceptions need only ask their ISP.
Those combined steps block the bots from reaching the internet, and it works really well. I don't believe we've been RBLed because of a bot on a customer's PC. In fact, I have some feedback scripts in place that alert customers when they run afoul of the filters and it smells like their PC has a bot on it.
The biggest problem we have is scammers, 419ers, work-from-home check fraudsters and other scumbags signing up for those ISPs just to gain access to the SMTPauth and web servers for sending their filth. Short of a bayonet in the throats of these sleazeballs, the only thing we can do is filter on content. If we didn't filter for content, email simply wouldn't flow. SpamCop and all the rest would list our outbound IPs in minutes, and the entire customer base would suffer.
So... instead of just rejecting mail, we filter and hold, collect it, count it up, check the evidence and cancel accounts as they're caught. Normal customers' email is filtered, and if held, delivered silently after examination. No warnings, no take-backs, no complaints. We have had 0 false positives because of the human factor of checking the evidence before cancellation. And we're rarely blocked by RBLs. The only thing left are those gentle customers who decide they want to forward all their mail off to some other provider, and turn off antispam...
If every ISP blocked port 25, used smtpauth, restricted sending addresses and otherwise managed their customer base, the world would be a nicer place because the cost associated with sending massive amounts of spam would skyrocket.
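The controls described in the post above (send-as restrictions, a per-hour volume limit, and filter-and-hold instead of outright rejection), combined with the IP-literal link check mentioned earlier in the thread, can be sketched as follows. This is an added example, not code from any poster or provider; the class name, limit, account names, and SMTP reply strings are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

WINDOW_SECONDS = 3600
# http(s) URL whose host is a bare IPv4 literal; "1.2.3.4.example.com" is not one.
IP_URL = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?!\.?[\w-])", re.I)


def find_ip_urls(text):
    """Return every URL in text that points at a raw IPv4 address."""
    return IP_URL.findall(text)


def body_text(msg):
    """Concatenate decoded text/* parts (handles base64 and quoted-printable)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode("utf-8", errors="replace")
        for p in parts if p.get_content_maintype() == "text"
    )


class OutboundPolicy:
    """Hypothetical submission-server policy: who may send as whom, and how much."""

    def __init__(self, allowed_senders, hourly_limit=3):
        self.allowed = {u: {a.lower() for a in addrs}
                        for u, addrs in allowed_senders.items()}
        self.hourly_limit = hourly_limit      # assumed value; the post gives none
        self.sent = defaultdict(deque)        # auth user -> accept timestamps
        self.held = []                        # (user, reason, raw) for human review

    def check(self, auth_user, raw_message, now):
        """Return (action, smtp_reply) for one authenticated submission."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()

        # 1. Send-as restriction: refuse with a reason the sender can act on.
        if sender not in self.allowed.get(auth_user, set()):
            return ("reject", f"550 5.7.1 {auth_user} may not send as "
                              f"<{sender}>; contact postmaster")

        # 2. Sliding one-hour window per authenticated account.
        window = self.sent[auth_user]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= self.hourly_limit:
            return ("defer", "451 4.7.1 hourly sending limit reached; "
                             "retry later or contact postmaster")
        window.append(now)

        # 3. Content check: accept, but hold for review instead of dropping.
        hits = find_ip_urls(body_text(msg))
        if hits:
            self.held.append((auth_user, f"IP-literal link {hits[0]}", raw_message))
            return ("hold", "250 2.0.0 queued")
        return ("deliver", "250 2.0.0 queued")


# Constructed sample messages (documentation-range addresses and domains).
OK_MAIL = ("From: Alice <alice@example.net>\nTo: bob@example.org\n"
           "Subject: weather\n\nForecast: http://weather.example.org/today\n")
PHISH_MAIL = ("From: alice@example.net\nTo: bob@example.org\n"
              "Subject: verify\n\nConfirm at http://192.0.2.10/login now.\n")
SPOOF_MAIL = ("From: ceo@example.com\nTo: bob@example.org\n"
              "Subject: hello\n\nhello\n")

if __name__ == "__main__":
    policy = OutboundPolicy({"alice": ["alice@example.net"]}, hourly_limit=2)
    for t, raw in [(0, OK_MAIL), (10, SPOOF_MAIL), (20, PHISH_MAIL), (30, OK_MAIL)]:
        print(t, policy.check("alice", raw, t))
```

Held messages still count toward the hourly window, and a held message gets the same `250` reply as a delivered one, which matches the "delivered silently after examination" behaviour described in the post.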
I work for an ISP just outside of the Baton Rouge area and when we notice (or receive complaint of) any type of spam abuse originating from one of our customers, we disable their email address. At that point we call them to let them know they have been flagged as spamming, and we work with them to get the issue resolved (whether they are sending to an address that doesn't want their messages, or they have some type of malware on their machine). Once the issue has been resolved, we turn the customer's email address back up. We simply don't filter any outgoing email. Though, I think we are going to contract gmail into doing our emailing due to a few server issues that have been arising, so I don't know how things may change.
Sure, filtering outgoing TCP port 25 makes a lot of sense (though I like AT&T's particular stance on it, which is to give their more clueful subscribers the right to opt out of such filtering). But you originally said that you filter incoming port 25 due to spam concerns... or was that just a typo?
I constantly see spam coming out of Comscat's network
Comscat. Nuf said.
The House Between - Original Sci-Fi Series
I haven't had a single email, legit or otherwise, get through my ISP's spam filter in the past year or so. They provide no option to turn it off and they can't be bothered to fix it.
I thought of running a local mail server, then realised I haven't come across a single situation in that time where I actually _needed_ a fixed email address for more than 5 minutes.