How Pervasive is ISP Outbound Email Filtering?

← Back to Stories (view on slashdot.org)

How Pervasive is ISP Outbound Email Filtering?

Posted by Zonk on Thursday January 31, 2008 @10:18AM from the making-me-nervous dept.

Erris writes "A member of the Baton Rouge LUG noticed that Cox checks the text of outgoing email and rejects mail containing key phrases. I was aware of forced inbox filtering that has caused problems and been abused by other ISPs in China and in the US. I've also read about forced use of ISP SMTP and outbound throttling, but did not know they outbound filtered as well. How prevalent and justified is this practice? Wouldn't it be better to cut off people with infected computers than to censor the internet?"

4 of 281 comments (clear)

Min score:

Reason:

Sort:

Re:Not Comcast by Bender+Unit+22 · 2008-01-31 10:42 · Score: 5, Insightful

I'd say that every ISP should do that, that is, if you could get it unblocked if you requested it or via some online account management.
99% of all people wouldn't need it anyway(except the bots on their machines) and the ones who do, would know how to open it. Of course it is a not the ideal way to solve the problem, but it's all we got for now.
Kudos to Cox Communications by merc · 2008-01-31 10:47 · Score: 5, Informative

I would like to first state that I am a Cox cable internet subscriber in the Phoenix area. I also happen to wear the abuse desk hat for Arizona's oldest ISPs.

I can say without question that the amount of spam we get from cox is almost NIL. I constantly see spam coming out of Comscat's network, also Verizon and from time to time Time Warner but RARELY Cox. In fact I can't remember the last spam I received that originated from their network.

I don't mind that my egress SMTP port is blocked forcing me to use a MSA (mine is configured to use SMTP AUTH with TLS, which works nicely). The fact is that Cox has their act together in my opinion. The fact that they are a white hat in the abuse category makes me want to continue doing business with them. I don't think what you're seeing here is intentional censorship. It would actually be irresponsible for Cox not to filter outbound mail traffic, since they are bound to have customers that run malware infected / zombied host computers.

Anyway, I say "good job Cox" :)

P.S. I work for an ISP that is NOT Cox--which one might think after reading my glowing statements (in fact we compete against Cox)

--
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Re:Not Comcast by squallbsr · 2008-01-31 10:52 · Score: 5, Interesting

I also have Comcast, I was able to send email over SMTP (port 25) any time I pleased. That was until my brother decided to bring over his virus ridden, spam spewing, zombified windows machine over and hook it up to my network (while he was house sitting). They promptly blocked port 25, I got home and couldn't send email.

I had to call their very rude Security Something Department, they said my options were
1. 'Use a different port because other ports can be secured while port 25 cannot be secured.'
2. Use the Comcast alternate port SMTP-AUTH Server (of which I don't know my login/password for)

I told them I wanted option 3:
3. Re-open port 25.

They decided to tell me that they could as a ONE TIME courtesy re-open the port, but 'it will probably be blocked again because the problem that caused it to be blocked probably wasn't fixed' (even after I told them that I had found the problem and fixed it, in addition to monitored all transmissions over port 25 for an hour)... So I fixed my OpenBSD firewall pf rules to only allow 'trusted' computers to only be able to contact MY email server, and access the whole internet unfettered, the 'guest' machines have access to web and a handful of other ports (none of which is 25)...

Moral of the story: Stop using windows... /flamebait

--
Sleep: A completely inadequate substitution for Caffeine.
You forgot about the US government by soren100 · 2008-01-31 11:53 · Score: 5, Insightful

However, filtering also raises the "you are now liable for what they say to an extent" issue that the whole Safe Harbor thing was suppose to fix for ISPs and could definately cost a huge pile more than just cutting access and losing customers. People have raised that idea as wel about AT&Ts plan to filter their network for copyrighted material.

The answer I have to that is "9/11 Changed Everything".

Seriously -- when the US government asked the telcos to commit surveillance crimes against the US citizens, only Qwest refused. Usually, breaking the law is a bad thing, but the US government was offering lots of money to the telcos, and presumably the promise not to prosecute. So the only company that got in trouble was the one following the law. And somehow the Qwest CEO that refused the deal ended up in jail. Meanwhile Dick Cheney is desperately trying to get immunity for the cooperating telcos for their crimes. See how that works?

So on the surface of things scanning and filtering our email might seem to be a bad busines move. But if the same US Government that got illegal telephone surveillance of US Citizens is also going for illegal surveillance of our emails, email filtering starts to make much more business sense.

It used to be that the idea of the US government secretly finding out what was in your emails was in the tin-foil hat realm. But the illegal surveillance of telephone calls would have been as well, along with secretly torturing people in secret overseas prisons. As well as "constitution-free" zones such as Gitmo that are paid for by US taxpayer dollars.

So if you have a government that scans your telephone calls, email, and web-surfing habits, you get very close to a goal of "total information awareness", which was one of the government's programs that was renamed and shuffled around after the public got very upset.