Telstra made a bit of noise last week about blocking access to spammers on its Bigpond Internet service. What it did was prevent its subscribers from accessing an SMTP server on port 25, that being the primary method that mail servers use to communicate with each other.
Just like so many knee-jerk reactions to a problem, I doubt that this has stopped anyone from spamming, but it has certainly inconvenienced a bunch of Bigpond users who weren’t doing anything wrong at all. Their only crime was to run a mail server in their offices without paying Telstra an extra $10 per month for a fixed IP address. What a surprise, it all comes down to money.
According to Telstra logic, if you pay for the service then we know who you are and you won’t dare spam anyone. That should work. Not. Of course, just like many initiatives from big business, the process was selective in what got blocked depending on which service you happen to be using. Subscribers on Bigpond cable haven’t had their ports blocked at all, and haven’t been asked for extra money.
Subscribers on ADSL or dialup have had the port blocked, and it happened right here in my home office. In fact, the port block was so effective that I could no longer even work a POP account, never mind my Exchange server, which I expected to stall. I could receive e-mail on POP and I could receive e-mail on my Exchange box. That means Telstra has only blocked port 25 outbound.
However, my Bigpond e-mail was still working, so logic determined that it must be OK to use port 25 if you only speak to a Bigpond mail server. Not really blocked then, just selectively blocked. What would happen if I told my POP account that it should send all my e-mail back through the Bigpond mail server? You guessed it, Telstra is happy to relay my e-mail, without authentication, from my other e-mail account via the Bigpond mail servers to some other e-mail account, without verifying who I am.
Could this fix also solve my Exchange server problem? You bet. Tell your Exchange server to forward all mail to a smart host upstream, which happens to be a Bigpond mail server, and good old Telstra handles my mail for me, once again, no authentication required and basically performing an open relay service. OK, no doubt Telstra is going to claim this is all kosher because it knows who I am since I dialled the telco, and should I start spamming it can shut me down.
Well, how long does it take to sign up online for a Bigpond account using one of your stash of stolen credit cards, and upload your megabytes of spam to the friendly Telstra servers? Sounds like a spammer's dream come true. Once again the honest toilers take it in the groin while the spammers deftly duck around the corner. Same as it ever was.
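The relay behaviour described above, where mail is accepted because of where the connection comes from rather than who is sending it, can be set beside a policy that requires a login and ties the envelope sender to that login. The following is an added example, not code from this column or from Telstra; the address range, account table and sessions are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed: a documentation range stands in for the ISP's subscriber pool.
SUBSCRIBER_NET = ipaddress.ip_network("203.0.113.0/24")
# Constructed: the envelope senders each login is allowed to use.
OWNED_SENDERS = {"alice": {"alice@isp.example"}}

@dataclass
class Session:
    client_ip: str
    mail_from: str
    auth_user: Optional[str] = None  # None: no SMTP AUTH took place

def ip_trust_policy(s: Session) -> str:
    """Relay for any client in the subscriber range, whatever sender it claims."""
    if ipaddress.ip_address(s.client_ip) in SUBSCRIBER_NET:
        return "relay"
    return "reject: not a subscriber address"

def authenticated_policy(s: Session) -> str:
    """Relay only for a logged-in account using a sender address it owns."""
    if s.auth_user is None:
        return "reject: authentication required"
    if s.mail_from not in OWNED_SENDERS.get(s.auth_user, set()):
        return "reject: sender not owned by account"
    return "relay"

# Constructed sessions covering the cases the column walks through.
SESSIONS = [
    Session("203.0.113.10", "me@other.example"),            # no login, foreign sender
    Session("203.0.113.10", "me@other.example", "alice"),   # login, foreign sender
    Session("203.0.113.10", "alice@isp.example", "alice"),  # login, own sender
    Session("198.51.100.7", "alice@isp.example", "alice"),  # login from another network
]

def compare(sessions):
    """Return (ip_trust, authenticated) decisions for each session."""
    return [(ip_trust_policy(s), authenticated_policy(s)) for s in sessions]

if __name__ == "__main__":
    for s, (by_ip, by_auth) in zip(SESSIONS, compare(SESSIONS)):
        print(f"{s.client_ip:<14} {s.mail_from:<20} ip-trust={by_ip!r} auth={by_auth!r}")
```

The first session is the case the column complains about: the network-only policy relays it, while the authenticated policy refuses it. The last session shows the reverse, a known account that the network-only policy locks out.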