[Cryptography] STARTTLS, was IAB Statement on Internet Confidentiality
John Levine
johnl at iecc.com
Tue Nov 18 19:50:10 EST 2014
>> Am I really the only person here who is interested in what actually
>> happened, as opposed to what hypothetically might happen on some
>> non-existent network at some time in the unknown future?
Hmmn. Apparently the answer is "yes".
A few seconds of googlage finds this article, which after you skip
over the breathless bits, tells us that this was port 25 on Cricket
Wireless, a prepaid mobile subsidiary of AT&T, i.e., a consumer
network without static IP addresses or mail servers.
http://arstechnica.com/tech-policy/2014/11/condemnation-mounts-against-isp-that-sabotaged-users-e-mail-encryption/
Blocking port 25 on consumer networks to prevent outgoing spam, with
real mail submitted on port 587 with authentication, has been an ISP
best practice for over a decade. Here, for example, is a
recommendation on the topic that MAAWG published in 2005:
https://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf
Some large networks, notably Comcast, experimented with rate limiting
or filtering post 25 back in the early 2000s, on the assumption that
there would be fewer support calls than they'd get with outright
blocks. That turned out to be wrong; when they turned on blocking
they got a spike of calls for a few days while people got their mail
programs reconfigured, then the calls and the spam complaints
disappeared. The question here is how a part of AT&T a decade later
didn't get the memo.
R's,
John
PS: Some years ago I was talking to someone who worked at the EFF who
proudly told me that she had no spam filters at all, and manually
deleted 3000 spams a day from her inbox. which her management
apparently considered to be productive work. Doesn't seem like their
understanding of spam problems has changed much.
More information about the cryptography
mailing list