Antispam Story Spun Into Buzzwords
The story "EarthLink Antispam Measure Trips Some Users" [Computerworld.com, Oct. 26] started out making sense, but by the end it had degenerated into a weird mishmash of buzzwords and FUD terminology with no useful meaning.
"When configuring a firewall, blocking inbound communications on ports 25 and 80 is considered good practice."
This is similar to saying, "When driving a car, turning the steering wheel to the left is considered good practice." Sure, it's good practice if and when you want the car to move to the left. But as a blanket statement, it's silly. Blocking ports 25 and 80 isn't a good practice if you want mail or Web servers on the inside to interact with the outside world. The exception is when public servers are in a DMZ environment, but in those cases the firewall should categorically block all inbound connections.
"A spammer could use Port 25 to send one e-mail with thousands of addresses to an Internet service provider's e-mail server, thereby using the provider's computer power to do its spamming."
None of the ISPs mentioned in this article are blocking Port 25 on their own mail servers. If they did, then neither their customers nor staff would receive another piece of e-mail again. What they are doing is blocking Port 25 on their customers' machines. This prevents spammers from using misconfigured customer machines to relay spam.