Bryan Allen, Pobox Operations Head, is back with a look into the spam-fighting world, and how it can spill into your world, blocking your attempts to send mail.
In the last decade, the spam industry has garnered most of its resources by compromising and controlling the standard home PC. Most home PCs are not kept up to date by their owners (software updates are frequently made to fix security problems) and aren't secured from network connections in any way, so they are easy targets for takeover by spammers.
A computer being controlled in this manner is called a zombie, or bot. When an individual or group controls enough machines (almost always without the owners' knowledge), you may hear it referred to as a "botnet."
In the old days of the Wild West Internet, nefarious computer enthusiasts would utilize botnets to stage attacks against servers they didn't like, or each other. Nowadays, spamming is big money (it is, in every sense, an industry), so that's what most bots end up being used for.
Sending spam in volume is extremely problematic for ISPs and other providers. Bandwidth costs money, other users trying to utilize the network resources being consumed by bots relaying spam are impacted, and the provider's reputation is hurt, so it is more difficult for them to send legitimate mail to other service providers.
To try to prevent spammers from abusing their networks, network administrators will block outbound mail to everywhere except their own outbound mail servers. This way, they can control the total amount of mail you're sending, and verify, using their own antispam, that your mail isn't spam before it leaves their network.
Mail is sent using the Simple Mail Transfer Protocol (SMTP), which runs over TCP port 25. So when network admins block mail, what they're actually doing is dropping any outbound connections to port 25.
The Pobox SMTP servers require customers to authenticate using their Pobox account. We also run our own antispam suite against any mail going out through our servers, and we limit the number of messages that can be sent over a given period of time. We do all of this for the same reason ISPs do: To protect our IP reputation and ensure we can always send legitimate mail to other providers.
Given that we take care in relaying customer mail in this manner (and that there are a few antispam features we provide that require that mail be relayed through our servers), we provide extra ports to work around ISPs blocking the default SMTP port out of their network. Those ports are listed in our help section.
So while it can be something of an inconvenience to have to do some extra configuration in your mail client to send mail through us, your ISP has some very good reasons for blocking that traffic at their border.
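As an added example (not Pobox's own code), here is a small Python probe that shows what a border block looks like from the client side: a port-25 connection that is silently dropped times out, while a refused or open port answers immediately. The relay host is a placeholder, and port 587 (the standard mail submission port) is assumed as the alternate since the help section's port list is not reproduced here.

```python
import socket

# Assumed values: a placeholder relay hostname, SMTP on 25, and 587 as the
# alternate submission port. Substitute your provider's documented ports.
RELAY_HOST = "smtp.relay.example"  # placeholder, not a real relay host
PORTS = (25, 587)


def probe_port(host: str, port: int, timeout: float = 5.0) -> str:
    """Classify a single outbound TCP connection attempt.

    'open'    - TCP handshake completed (the SMTP greeting is not checked)
    'refused' - the remote host or a firewall actively rejected it
    'dropped' - no answer before the timeout; typical of an ISP border
                firewall silently discarding outbound port-25 packets
    'error'   - name resolution or another socket-level failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "dropped"
    except OSError:
        return "error"


def probe_relay(host: str, ports=PORTS, timeout: float = 5.0) -> dict:
    """Probe each candidate port and return {port: classification}."""
    return {port: probe_port(host, port, timeout) for port in ports}


def diagnose(results: dict) -> str:
    """Summarise probe results as seen from a mail client.

    'ok'          - port 25 is reachable, no workaround needed
    'filtered'    - port 25 is blocked but an alternate port answers, so the
                    client should be configured for that port
    'unreachable' - nothing answered; check connectivity or the hostname
    """
    if results.get(25) == "open":
        return "ok"
    if any(v == "open" for p, v in results.items() if p != 25):
        return "filtered"
    return "unreachable"


if __name__ == "__main__":
    found = probe_relay(RELAY_HOST)
    print(found, diagnose(found))
```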
As an aside, the outbound SMTP block is very similar to another issue which was very common about a decade ago. There was a swath of vulnerabilities in the NetBIOS/CIFS/SMB services on the Windows platform, and to stop systems getting infected, most providers and institutions blocked inbound and outbound traffic to those services. Those ports are still blocked everywhere, as those services are still common vectors for attack. For instance, the Conficker worm, which has gotten a lot of press recently, uses them.
Once a vulnerability is identified, it is almost always going to be abused by someone as long as the platform or service continues to exist. For certain platforms, even N iterations and years down the line, problematic services will continue to be problematic. Nothing on the Internet ever dies. Spammer botnets and blocked outbound port 25 are here to stay.