[olug] Cox and port 25

William E. Kempf wekempf at cox.net
Mon Jun 30 15:13:32 UTC 2003 

Jay Hannah said:
> "William E. Kempf" wrote:
>> Unfortunately, in my own situation I'm technically already in
>> violation of my contract with Cox, by running Postfix.  See
>> http://support.cox.net/custsup/policies/acceptableuse.shtml#aup_6.
>
> Aren't we all? -grin- I've been in a "don't ask, don't tell"
> relationship with every ISP I've had for 10 years. Their AUP gives them
> legal recourse to act in case I'm doing something really nasty with my
> "Server". If they didn't have a clause like that they'd have no clear
> legal case to shut me down, if (say), I decided to run multiple
> massively multiplayer online game servers on their network.

Ahem.  Wrong!

What's they true issue here?  There are 2.  One is a user taking up too
much bandwidth.  Restricting servers is legally shaky to cover this
problem.  First, what's a server?  There's no legal definition that I'm
aware of, and programs can blur even the technical (as in computer
science) definitions.  For instance, it's hard to classify what Napster
was.  And what about IMs?  Second, client programs can easily chew up as
much bandwidth as a server, depending on the use of both.  So a contract
agreement written to restrict the use of servers in order to deal with
bandwidth issues won't work, at best, and may hold no legal weight. 
Better to put in clauses about bandwidth, and maybe even control this
through technical means.  Corporations throttle bandwidth usage, for
instance.

The other reasons they'd have such a clause is to prevent commercial use
on non-commercial accounts.  But even that makes little sense, so
commercial use is already prohibited.

I can understand why a company would niavely create such contracts, but
they really should rethink the decision!

> As long as you're (we're) not hurting anything, or sucking up their
> bandwidth, they don't care. We continue to live in a truce where they
> have the final, legal veto, as they should to protect themselves from
> abusive customers without getting sued.

I'm not convinced they have the final "legal veto".  I believe that if I
had the desire and the cash, I could take them to court over this and
prevail.

> (They can't *just* go by a bandwidth stipulation, because a porn/warez
> downloading fiend probably doesn't have a "server", but still clogs
> their network. Multiple clauses, multiple protections from unruly
> customers.)

Uhmm... you just made my case for me. ;)

> "William E. Kempf" wrote:
>> Port blocking isn't going to slow spammers down.  As
>> pointed out for the "solution" to our legitimate problems, the
>> spammers can simply use port forwarding and other such hacks to
>> continue.
>
> I don't agree. 99.99% of SMTP servers run on port 25. Blocking port 25
> outbound makes 99% of Cox's Internet address space unusable for spam
> propogation (intentional, hijacked, or open relays). Spammers inside
> Cox's netblocks are then forced to abuse Cox's SMTP gateways which
> (hopefully) they'll be aggressively monitoring for abuse (or all of this
> is a mute point). Spammers only other option is to go to another ISP.

It won't take much for the spammers to continue to relay through Cox. 
Case in point, *if* my system were used as a relay prior to this, it will
still be used as a relay now, as my system is set up to use Cox as a
gateway.  It may be a little easier for them to trace the problem back to
*me*, but that doesn't get them any closer to the spammer, nor stop the
spammer from using them.  I could provide a worm that allowed me to
exploit Cox customer's computers in this manner with little effort.

>> And that assumes that all ISPs do the same port blocking, otherwise,
>> they'll just use some other ISP (which Cox may think is a good thing,
>> but doesn't mean a hill of beans to me, the customer).  PORT BLOCKING
>> IS NOT A SOLUTION.
>
> Indeed. They'll scurry off to another ISP. But with every step in the
> right direction, there are fewer and fewer places for spammers to hide.
> Cox just took millions of IPs out of the spammer's sandbox. What's left
> for the spammers to play in is blacklisted more and more, as it should
> be.

Again, they didn't take any IPs out.  They locked a door, but left a
window open.

> At the same time, I'm not a fan of Big Brother or sweeping actions from
> monopolies. Cox chose what they chose. Customers may choose to come or
> go to or from them because of it. Cox may choose to reverse their
> decision. The spam struggle marches on.

Unfortunately, there's nothing for me to go to, or I would.

> Spam is bad. Eventually natural selection will work through the problem
> of stomping it. People have a tendency to figure out the important stuff
> eventually. Action and reaction.

Spam won't go away, and will only be drastically curtailed when we drop
the current protocols and design something new from the ground up, that
can be secured.

>> It's not even really a useful stop gap.  You want to stop spam, we
>> either need laws (and some way to enforce them), or a new protocol.
>
> Laws are good too. Just make sure to vote for congressmen and senator
> who are striving to implement the right laws (OPT IN) not the very, very
> wrong ones (OPT OUT).
>
>    http://www.cauce.org/

Laws are useless, if you can't enforce them. ;)

-- 
William E. Kempf

More information about the OLUG mailing list