How Pervasive is ISP Outbound Email Filtering?

Erris writes "A member of the Baton Rouge LUG noticed that Cox checks the text of outgoing email and rejects mail containing key phrases. I was aware of forced inbox filtering that has caused problems and been abused by other ISPs in China and in the US. I've also read about forced use of ISP SMTP and outbound throttling, but did not know they outbound filtered as well. How prevalent and justified is this practice? Wouldn't it be better to cut off people with infected computers than to censor the internet?"

You know, that block actually sounds reasonable...

[Mr.+Roadkill]

If what was blocked was a URL that contained his home IP address, then yes, that sounds more than reasonable to me. Hell, it makes sense for ISPs to not only block outbound email that contains a link to IP addresses in their own DSL ranges but also to IP addresses listed as dynamic by various RBLs - as a mail admin at a University, who sees all kinds of problems caused by crap coming out of ISP mail relays, I applaud this effort. Maybe they should start looking at using a few URIBLs to filter outbound mail too, as that would catch things that have been picked up elsewhere as being spamvertised. That might upset a few of their users with links in their signatures to the pyramid-marketing fruitjuice or e-marketing scheme they're trying to sucker people into, but that's not a big deal IMO (every couple of months I get an external sender complaining that we've blocked their mail for what turns out to be just such a URL - we've got thousands of rejections per day that are at least in part due to URIBLs, and that's almost exclusively the kind of "false-positive" I get from URIBLs. I've had the occasional "real business" with polluted lists, but for the most part they're effective and painless. Makes it hard to discuss spam or viruses with the raw URLs though, which I assume is part of why [whatever]CERT munges URLs in its notifications)

I don't consider this censorship - I consider it risk-minimisation. Almost all email that contains a numeric URL is likely to be spam, but probably not all of it - so it makes sense, to me, to block outbound mail that contains either one one of your organisation's DSL IP addresses or the ISP-assigned PTR for that IP address. There are lots of dynamic DNS providers out there, so why not use one of them?

Anyway, in this day and age anyone sending mail with an IP address in a URL needs their head examined - unless they know for a FACT that it will get through to their intended recipient, and they have VERY good reasons to do so. There are lots of different filtering systems out there, and some of them do things that you or I might consider odd or inappropriate. Maybe some organisation's mail system has a spam quarantine system, and messages with numeric URLs go there - along with every other one of the several thousand pieces of junk some users get per week. Who has time to check that? As a result, real messages WILL get lost amongst the garbage. Same deal with local filtering.

At least with a good, honest block (at either your ISP's end, or the recipient's), you *know* there's a problem and can do something about it. Quarantining, routing to /dev/null (which is close enough in practice to what happens in practice for quarantined messages for heavily spammed users), local filtering at the desktop and the like can all result in a recipient never seeing a message and the sender not knowing that it wasn't seen. This is *NOT* your Grandpa's Internet - it's a terrific example of the Tragedy of the Commons, where the spammers and scammers and fuckwits have ruined things for everybody. We can whine about the unfairness of these kinds of measures and their effects, much as we might whine about the unfairness of driving tests or three-day waits to purchase handguns or the limits to the quantity of pseudoephedrine we can purchase over the counter, or we can look at the reasons why such measures might be appropriate and try to find ways to ensure we can work within the limits that are there. You want to drive, spend time at the pistol range or treat your hayfever? Fine, you can do that, but there are some things you need to do to ensure others are protected from arsehats. You want to send mail? Fine, you can do that, but again there may be some things you need to take into account that protect you and others from arsehats too.

Re:Not Comcast

[STrinity]

They decided to tell me that they could as a ONE TIME courtesy re-open the port, but 'it will probably be blocked again because the problem that caused it to be blocked probably wasn't fixed' (even after I told them that I had found the problem and fixed it, in addition to monitored all transmissions over port 25 for an hour)...

Which is exactly what a spammer would say. I would say that Comcast is justified in their actions -- spammers deserve no quarter, and if a few innocents must fall in the war against them, I can live with it.