CircleID has an old post entitled: Port 25 Blocking, or ‘Fix SMTP and Leave Port 25 Alone for the Sake of Spam”?
The article is kind of interesting and follows the debate of whether Residential/Dial-up ISPs should block outbound port 25/TCP (the SMTP port). Note: I think ISP’s should block outbound port 25/TCP.
The author also smacks down SPF. I thought SPF would help the with the spam issue, but alas it has not turned out to have any real effect at all. Wikipedia has summaries and links to these SPF criticism.
Filed under: Information Security |
PurpleSlog - The Future Will Be Kludged 
If an ISP blocks customer outbound 25/TCP, they need to allow for authenticated relay. Earthlink does that for me, and I run my own email server on a dynamic address with my cable broadband service. But does this really help prevent spam?
It forces the potentially spammer to relay through the ISP’s servers. That makes it the local ISP’s problem (it is easier to track too) instead of the remote ISP’s problem. The local ISP has an incentive to do something becuase they are getting the harm (wastd resources, reputation hit) now.
The spammer must also use mor esophisticated methods, which increawse their transaction costs (reduces the profibility of running a spam operation).
It is all about economics and incentives.