Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ISPs could cut spam easily, says expert

Try port 25 blocking, says Trend

Article comments

Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default. Second, tell users when they are spewing spam from compromised PCs.

According to Trend Micro's CTO, Dave Rand, who is leading a campaign to reform the way ISPs approach the matter of botnets and spam, the two countries that adopted such techniques, The Netherlands and Turkey, have seen a huge reduction in the numbers of botnetted PCs.

According to his own figures and analysis, Turkey went from having around 1.7 million compromised PCs per month to only 35,000 after implementing techniques through its major ISP, Turk Telekom.

"They went from the number one spam source in the world to off the charts, said Rand. "They don't appear in the top 50 now."

The Netherlands used similar techniques - including recently mandating that ISPs must inform users when their PCs are suspected of sending spam - and now has one of the lowest botnet infection levels in Western Europe, said Rand.

In the UK, Rand estimated that there were 3-4 million spam zombies, not including business PCs hidden from statistic-gatherers by NAT firewalls. Blocking port 25 and contacting compromised subscribers in the country would reduce the volume of spam by around 20 million spam messages per month, which sounds modest when you consider that the total volume for an average ISP is perhaps 1 billion bogus emails.

Most spam through UK ISPs still comes from countries. According to Rand, the real benefit would only start to show itself when implemented on a global scale.

So why don't ISP's embrace such simple reforms? "It's the fear that it will collapse. Guess what? Nobody complained," said Rand of the experiments with the approach to date.

Port 25 is useful if you happen to be connecting to a remote email server, but would not apply to the vast majority of an ISP's own users who connect to mail servers on internal ports, and would not be affected by such blocking. Meanwhile, the spammers who thrive on port 25 by hijacking PCs which are then used to send out huge amounts of spam through it would find their preferred channel cut off.

One problem is that having migrated from fixed servers to open relays and proxies and then to compromised botnet PCs, spammers have spotted some of this coming. A common technique is to create bogus webmail accounts on hosted services such as Google, which exist only as long as needed to send out spam. Once the ISP closes these down, new ones are created to replace them.

Rand remains convinced, however, that cleansing the millions upon millions of infected PCs would pay back in terms of the wider security of those machines, not just their use as spam sending bots.

He believed that in the UK there should be a specific regulation forcing "ISPs to notify customers that they are compromised," something that was trivial to determine from traffic patterns. "If the ISP doesn't back responsibility, we are never going to solve this," he said.

He predicted that such techniques would become established practice by 2013, and knew of unnamed ISPs that were looking at port 25 blocking in the near future.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *