South Korea to block port 25 as anti-spam countermeasure

South Korea is considering a nationwide block of port 25 as an anti-spam countermeasure aimed at reducing the volume of spam affecting the country.

The ban, set to go into effect as of December, will replace port 25 with ports 587 and 465 for SMTPS.

Why is this initiative prone to fail?

Mostly because of the way modern malware and spam networks operate. For instance, modern malware has built-in SMTP engines that are port-independent. Moreover, geolocated and malware-infected hosts within South Korea could be automatically updated using the new specs in a matter of seconds, once again continuing the abuse of legitimate networks, while playing by the newly introduced rules.
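As an added illustration (not part of the original article): once port 25 is dropped at the ISP edge, the dropped attempts themselves show which subscriber hosts are still trying to deliver mail directly. The log format, the addresses and the three-destination threshold below are constructed assumptions, not any real filter's output.

```python
import re
from collections import defaultdict

# Constructed sample: drop/allow log from a hypothetical ISP egress filter.
SAMPLE_LOG = """\
2011-12-01T09:00:01 DROP src=10.0.0.5 dst=198.51.100.10 dport=25
2011-12-01T09:00:02 DROP src=10.0.0.5 dst=198.51.100.11 dport=25
2011-12-01T09:00:02 DROP src=10.0.0.5 dst=203.0.113.20 dport=25
2011-12-01T09:00:03 DROP src=10.0.0.5 dst=203.0.113.21 dport=25
2011-12-01T09:01:10 DROP src=10.0.0.9 dst=198.51.100.10 dport=25
2011-12-01T09:06:10 DROP src=10.0.0.9 dst=198.51.100.10 dport=25
2011-12-01T09:02:00 ALLOW src=10.0.0.7 dst=198.51.100.10 dport=587
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (DROP|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")


def summarize_blocked_smtp(log_text, min_destinations=3):
    """Map each subscriber with dropped port-25 attempts to a triage verdict.

    A host retrying one mail server looks like a client still configured
    for port 25; a host fanning out to many servers looks like a built-in
    SMTP engine delivering directly. The threshold is an assumption.
    """
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed format
        _, action, src, dst, dport = match.groups()
        if action == "DROP" and dport == "25":
            destinations[src].add(dst)
    return {
        src: "likely-bot" if len(dsts) >= min_destinations else "misconfigured-client"
        for src, dsts in destinations.items()
    }


if __name__ == "__main__":
    for host, verdict in sorted(summarize_blocked_smtp(SAMPLE_LOG).items()):
        print(host, verdict)
```

Traffic that has already moved to ports 587 or 465 never appears in this drop log, so this check only covers hosts that have not adapted to the new rules.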

Spamming through web-based email is yet another way for cybercriminals to bypass the newly introduced regulations. Once the CAPTCHA-solving process for popular free web-based email providers has been outsourced to Indian providers of CAPTCHA-solving services, thousands of newly registered emails will be automatically used for outgoing spamming purposes, once again successfully bypassing the newly introduced regulation.

What do you think? Would the blocking of port 25 reduce the levels of spam significantly, or is the initiative prone to fail?

Talkback.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

18 comments
  • RE: South Korea to block port 25 as anti-spam countermeasure

    South Korea has been reading too much advice on Facebook.... well hacked
    dragon@...
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Weird. Judging by the illustration, birds are using computers.
    ESoyke
    • RE: South Korea to block port 25 as anti-spam countermeasure

      @ESoyke that is what people turn in to when they use Twitter too much
      ccsalway
    • RE: South Korea to block port 25 as anti-spam countermeasure

      @ESoyke @ccsalway thanks for the lols - I think this SKorea security concept is for the birds; to me it's like Walmart saying geez, so many people are walking out without paying through our doors, we better install a new set of doors!
      neivomonid
  • RE: South Korea to block port 25 as anti-spam countermeasure

    I think they should block all the other ports while they are at it and solve the problem once and for all!
    doh123
  • RE: South Korea to block port 25 as anti-spam countermeasure

    A far simpler partial solution would be for 'free' webmail accounts to be limited to a couple of dozen outgoing addresses a day.
    If spammers had to pay for the services they use, and those services were promptly disabled when spam was reported, it would very soon become much less lucrative.
    bicyclerepairman
    • RE: South Korea to block port 25 as anti-spam countermeasure

      @bicyclerepairman

      You can frustrate spammers by limiting them to a couple dozen outgoing emails per hour. They're trying to move millions of them.



      :)
      none none
  • RE: South Korea to block port 25 as anti-spam countermeasure

    South Korea might cut down spam considerably if it a) moved away from requiring every banking and government site to install ActiveX controls b) convinced users to upgrade from IE6.
    mindme
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Do they honestly think that this will block anything at all? In a matter of minutes, the creeps that manage to bypass every antivirus program and Microsoft's programmers' best attempts to prevent infections will have a work-around.
    bonafide49
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Unplug every computer. You know, that old "physical layer" solution? That keeps 'em real secure!
    geek49203_z
  • How can they do that?

    How can they block port 25 in the whole nation? Is there a Great Firewall of South Korea?
    fogbank
    • RE: South Korea to block port 25 as anti-spam countermeasure

      @fogbank There are obviously the main lines joining the country to the rest of the world. So you just need to block the port at the main ISPs.
      ccsalway
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Not an outright ridiculous solution... It will mean any currently active spams will be stopped.

    However, it will mean that any new spam attacks will now have to check two ports depending on where it is in the world. Which will mean an increase in traffic across the Internet and potentially causing more harm than good.
    ccsalway
  • Irony

    Oh the irony. The talkback portion of an article about blocking spam is spammed.....
    Kinda all seems hopeless.
    harrim47
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Where did you get this information? I couldn't find it, even though I am living in Korea.
    Happy Ray
  • RE: South Korea to block port 25 as anti-spam countermeasure

    As a matter of fact we, at TP CERT, don't think that the Port 25 initiative is going to fail. The reason is simple - we implemented it almost 2 years ago on a mass market level within Telekomunikacja Polska (Polish national telecom) network, covering ca. 2 mln network peers, that translates into more than 30% of the whole internet community in Poland. During the preparation phase a lot of people shared your thoughts and we had a lot of fight with the other IT&N security professionals. Eventually we reached the conclusion, which was vital for the proper implementation, as the lack of help of the biggest e-mail providers could make the whole project much tougher to succeed. The result was even more than we expected - during the first day mass market spam originating from our network dropped by... 99,9%, very soon we got out of the world's top spamming ASNs and we're definitely not planning to rejoin the group. The port-independent spam did actually arise, however it was per mill according to what we blocked.
    So - to summarize it - Korean project definitely has a strong ground to succeed and - as the authors of the similar, successful one - we wish them all the best.
    M_R_S
  • RE: South Korea to block port 25 as anti-spam countermeasure

    Hi M_R_S,

    Thanks for that feedback, very interesting to have experience over speculation.

    However, just to follow up, how DID people get around these potentially job impairing issues?
    - Were small companies able to keep their own mail servers up and running?
    - Were remote [home] workers able to still securely connect to their work network?
    - Were there issues that had to be accommodated?
    - Did you simply let those who had an issue leave and find a different provider?
    In short, what were the biggest difficulties faced by the end user, and how were they overcome?

    Many thanks!
    2WiReD
    • RE: South Korea to block port 25 as anti-spam countermeasure

      @2WiReD: Sorry it took me that long, I just forgot for a while that I shared our practices here :) The change didn't pose any problems for the companies, they just had either to reconfigure the servers, so they could send the e-mail using the other port, or choose "no protection" option (protection was turned on by default, opt-out percentage was marginal). It didn't have anything to do with the remote connection, and the most important issues were to overcome the initial resistance within the IT environment. At the end most of those people praised the solution. Regarding your last question - there were no issues, as everyone could easily opt out of the given protection.
      Happy New Year everyone :)
      M_R_S