[Cryptography] STARTTLS, was IAB Statement on Internet Confidentiality
tom at ritter.vg
Wed Nov 19 09:59:44 EST 2014
On 18 November 2014 18:50, John Levine <johnl at iecc.com> wrote:
>>> Am I really the only person here who is interested in what actually
>>> happened, as opposed to what hypothetically might happen on some
>>> non-existent network at some time in the unknown future?
> Hmmn. Apparently the answer is "yes".

Or we tend to skip over threads with a low fact:opinion ratio ;)

> A few seconds of googlage finds this article, which after you skip
> over the breathless bits, tells us that this was port 25 on Cricket
> Wireless, a prepaid mobile subsidiary of AT&T, i.e., a consumer
> network without static IP addresses or mail servers.
> Blocking port 25 on consumer networks to prevent outgoing spam, with
> real mail submitted on port 587 with authentication, has been an ISP
> best practice for over a decade. Here, for example, is a
> recommendation on the topic that MAAWG published in 2005:
> Some large networks, notably Comcast, experimented with rate limiting
> or filtering port 25 back in the early 2000s, on the assumption that
> there would be fewer support calls than they'd get with outright
> blocks. That turned out to be wrong; when they turned on blocking
> they got a spike of calls for a few days while people got their mail
> programs reconfigured, then the calls and the spam complaints
> disappeared. The question here is how a part of AT&T a decade later
> didn't get the memo.

But then why didn't Cricket do what Comcast does, and just block it,
instead of doing this super-sketchy 'Let's just remove the crypto and
inspect the user's data' approach? Or, what I think is a fairly
reasonable tactic that some ISPs do on consumer home ISPs, and block
ports but let you opt out in your user account. (I had an ISP that
blocked 80 and 25, and two checkboxes to immediately undo it.)