South Korea proposes restricting all e-mail sending to official e-mail servers

Summary: The proposed South Korean policy, Block 25, is meant to stop spam, but will it? Really?

This old mail box will still be filled with spam even with blocking port 25

According to the BBC, South Korea's Internet and Security Agency is asking all ISPs to block all e-mail sent from anything but “official” e-mail servers. The idea is to block spam, but will it really accomplish this goal?

It's not like this is a new idea. The Anti-Spam Technical Alliance proposed it as a best e-mail practice for ISPs in 2004. It's a simple idea. If an ISP blocks the default Simple Mail Transfer Protocol (SMTP) port, Port 25, from sending e-mail messages, users will be forced to use their ISP's mail servers. This, in turn, the theory goes, will magically stop spam.

ISPs loved this idea. Today, most ISPs already block port 25. AT&T, Comcast and Verizon, to name only three, already do this. In practice, what this means is that unless you have a static Internet Protocol (IP) address, chances are you must use your ISP's official e-mail server to send mail out.

Yep, it's already a popular, frequently implemented idea. Too bad it doesn't work. As you may have noticed, your e-mail box is still filled with spam. True, spam isn't as bad today as it was in 2010, but according to Cisco IronPort SenderBase Security Network, 84 to 85% of all e-mail is still spam.

The reason for this decline wasn't that port 25 was being blocked. No, most of the credit goes to the Windows-based Rustock botnet being taken down earlier this year.

Why isn't port 25 blocking working? It's because simply blocking port 25 is like putting a My Little Pony band-aid on a severed leg. There are numerous ways for botnet-infected Windows PCs (the source of most spam) to still send spam out without using port 25. These include simply using SOCKS proxy servers and the other SMTP port, Secure SMTP (SSMTP), port 465. In addition, spammers are moving from Windows PC botnets to compromised Web-mail accounts.

Richi Jennings, an independent e-mail analyst and writer, adds, “ISPs should do so much more, for example:

    Co-operating with reputation services that list IP ranges that have no business sending unauthenticated direct-to-MX, such as Spamhaus’ Policy Block List (PBL).

    Recording the volumes of outbound port 25 traffic from particular users — a sharp increase from the historical trend can indicate infection.

    Monitoring blocked attempts to use port 25 to outside MTAs [message transfer agents] — another indication of infection.

    Moving infected PCs into a "walled garden," which prevents them from sending email, surfing the Web, or using other Internet applications until the problem has been cleaned up.”

These are all good ideas, and far too few ISPs implement any of them. In short, South Korea's move may sound dramatic, but the Internet and Security Agency is just proposing a step that most ISPs already took years ago... and one that has proven to be woefully inadequate. We need far more.
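The two monitoring checks in Jennings' list (outbound port 25 volume against a subscriber's historical trend, and blocked attempts to reach outside MTAs) can be sketched as follows. This is an added example, not code from the article or from any ISP; the log format, subscriber names and thresholds are assumptions made up for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed daily summaries: "<day> <subscriber> <dst_port> <action> <connections>"
SAMPLE_LOG = """\
2011-11-01 sub-a 25 ALLOW 10
2011-11-02 sub-a 25 ALLOW 12
2011-11-03 sub-a 25 ALLOW 9
2011-11-04 sub-a 25 ALLOW 11
2011-11-01 sub-b 25 ALLOW 8
2011-11-02 sub-b 25 ALLOW 10
2011-11-03 sub-b 25 ALLOW 9
2011-11-04 sub-b 25 ALLOW 900
2011-11-04 sub-c 25 BLOCK 340
2011-11-04 sub-d 25 BLOCK 2
2011-11-04 sub-d 443 ALLOW 5000
truncated line
"""

def parse(log):
    """Yield (day, subscriber, port, action, count); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2].isdigit() and parts[4].isdigit():
            yield parts[0], parts[1], int(parts[2]), parts[3].upper(), int(parts[4])

def flag_subscribers(log, port=25, spike_factor=5, min_history=3, block_limit=20):
    """Return {subscriber: [reasons]} for the two port-25 infection signals."""
    allowed = defaultdict(lambda: defaultdict(int))  # subscriber -> day -> count
    blocked = defaultdict(int)                       # subscriber -> blocked attempts
    for day, sub, dport, action, count in parse(log):
        if dport == port and action == "ALLOW":
            allowed[sub][day] += count
        elif dport == port and action == "BLOCK":
            blocked[sub] += count
    findings = {}
    for sub in sorted(set(allowed) | set(blocked)):
        reasons = []
        days = sorted(allowed[sub])          # ISO dates sort chronologically
        if len(days) > min_history:          # need a trend before judging a spike
            baseline = mean(allowed[sub][d] for d in days[:-1])
            latest = allowed[sub][days[-1]]
            if latest > spike_factor * max(baseline, 1):
                reasons.append(f"volume spike: {latest} vs baseline {baseline:.0f}")
        if blocked[sub] >= block_limit:
            reasons.append(f"blocked attempts: {blocked[sub]}")
        if reasons:
            findings[sub] = reasons
    return findings
```

On the constructed data, `flag_subscribers(SAMPLE_LOG)` flags sub-b for the volume spike and sub-c for blocked attempts; sub-d's two blocked connections stay under the threshold and its port 443 traffic is ignored.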

Last year, I suggested that ISPs start using Network Access Control (NAC) to block users off the Internet if they were running insecure devices, such as Windows PCs without current security patches. If we're to ever really put a serious dent into spam traffic, not to mention the spread of malware, we still need to do this.

Blocking port 25? Please. It's a nice start, but nothing like enough. 

Talkback

22 comments
  • The problem is academic and can be fixed by

    locking down the sender id field in the now ancient RFC 822.

    How? PGP or GPG encrypted signed headers would allow ISPs to detect signed certs and shunt email off-line which does not conform to a new Federally mandated encrypted email format standard.

    To be successful, adoption would have to be universal.
    At the same time spam is reduced, privacy is gained.
    Dietrich T. Schmitz *Your
    • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

      @Diddly T. Schmutz * Your Linux Advocate

      So.....

      Every ISP in the world needs to obey U.S Federal standards? Funny, I would have thought someone who claims to be a Linux advocate would want a free system with no one country dictating standards...
      aep528
      • The standard quoted is not...

        @aep528
        ...a "U.S Federal standard". Since it's an RFC, I think we can safely assume that it was formulated by the IETF, which is the private organization charged with maintaining the TCP/IP protocol suite.
        John L. Ries
      • A mind

        @aep528 is a terrible thing to waste. Educate yourself.
        Dietrich T. Schmitz *Your
  • RE: Nook Tablet (photos)

    http://url188.com/1065
    gfhrtw
  • dsgdsgd

    http://url188.com/1066
    hgkhgkh
    • It's everywhere

      See? Here's more spam right now.
      Robert Hahn
  • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

    Blocking port 25, and Spamhaus-like lists, bring an extra cost to small companies (paying for the fixed IP, or renting the MX from the ISP), and a lot of problems if they don't.

    End result less spam? Not really.
    JoniFili
  • I think it's overkill

    Regardless, if S. Korea wants such a policy, the proper thing would be for the National Assembly to pass a law, not for a government agency to "ask" ISPs to do something they're not legally required to.
    John L. Ries
    • You're right to an extent, but, the National Assembly still sounds like

      government to me.

      Why not let the private sector figure it out on their own?
      adornoe
      • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

        @adornoe@...

        Private sector figure it out on their own??? Like they have after decades of the internet.

        So SPAM is not an issue in the US 'cause private enterprise is so great!!!
        richardw66
      • That would be S. Korea's decision

        @adornoe@...
        You may be right that this is better dealt with by Korean ISPs on their own, but assuming that the S. Korean government (in the European sense; what we Americans call an "administration") decide to deal with the issue themselves, they should propose a bill to the National Assembly, rather than writing a regulation or relying on voluntary compliance. That way, the proposed rules can be properly and publicly debated.

        And yes, a U.S. network neutrality mandate should have been debated in Congress in exactly the same way. If Congress had debated and resolved the issue, rather than the FCC, we probably wouldn't still be fighting about it.
        John L. Ries
      • richardw66: We always end up winning by keeping government out of our daily

        lives.

        The more government gets involved in anything, we always end up with more regulations and more restrictions and higher prices.

        You can be sure that, if government were to actually get involved in blocking of spam, even if the ISPs were the ultimate blockers, that government would come up with an internet tax to pay for the agency task force that would have oversight over the regulations and the ISPs' compliance with those regulations.

        It would get even worse in the U.S., where our congress-critters are a lot more regulations-happy. Besides, if it were to happen in the U.S., you can bet that it would be used as a stepping stone towards more regulations.

        So, no thanks!

        We've been doing quite well without government's intervention.
        adornoe
        • John L. Ries: You might be right on both points, but, it's always preferable

          to keep government as far away from our internet and our daily lives as possible.
          adornoe
  • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

    The bigger problem to my mind is the phrase "official e-mail servers".
    To us here in the US, that means servers at recognized locations like ISPs and major corporations. Yes, that would cause problems, and add on extra costs to small businesses that are already being stressed by the economy.
    But in a lot of the rest of the world, that could easily translate as "government run servers", in which case SPAM is not the ONLY thing I would expect to get filtered out.
    VBJackson
  • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

    If they shoot all the spammers, maybe people would stop spamming...
    bb_apptix
    • RE: South Korea proposes restricting all e-mail sending to official e-mail servers

      @bb_apptix

      That is why there is a 0% violent crime rate in states with the death penalty.

      </sarcasm>
      richardw66
      • He didn't say anything about the general crime rate; just the spammers.

        A dead spammer wouldn't be available to spam some more.

        But still, that's a very drastic action.

        Perhaps something a little bit more humane, like "No internet for you!".
        adornoe
      • Adornoe: You mean...

        @richardw66
        ...big bad government (aka the courts) should decide who's allowed to get on the Internet? I'm guessing that you don't see spam as a legitimate enterprise (nor do I, but I'm not a libertarian by any stretch).

        Reply to Adornoe:

        The whole country has a constitutional right to be on the Internet? Chapter and verse please!

        Freedom of speech and the press are, of course, guaranteed under the constitution, but one can do both without the Internet and I can think of several crimes that would warrant barring those convicted from the Internet, including spamming. Besides, you're the one that suggested "no internet for you". From what you say below, one might infer that any laws that would bar people from the Internet as punishment for a crime would be constitutionally suspect.

        Your final comment is both irrelevant and false.
        John L. Ries
      • John L. Ries: Completely wrong!

        It's not up to the courts to decide who gets on the internet. That issue was already decided under the constitution, and the whole citizenry won that right. It's about freedom of speech and freedom of the press. The courts can't rule on that, but, they can be the arbiters in any disputes.

        BTW, it's already legal for people to lose some of their rights if they choose to violate the laws of the land, and millions of people have lost their rights as citizens when they commit felonies. Spam might not get classified as a felony, but, there should be penalties for making life difficult for the rest of society.

        And, hey, who are you kidding? You're a democrat, and you see things the same way the democrat leadership does.
        adornoe