EarthLink antispam measure trips some users

Some subscribers to EarthLink Inc.'s network were caught off guard this week when it shut down inbound communications through two commonly used communications ports in what the Internet service provider said was an attempt to stop spam from getting through to its members.

A spokesman at the Atlanta-based company confirmed that it was blocking inbound communications through Ports 25 and 80 as an antispam measure.

EarthLink didn't notify subscribers of the impending shutdown, but the information had been posted in newsgroups, the spokesman said.

"If we had notified people, our call centers would have been overwhelmed with calls from people whom it would not have affected," he said.

In Los Angeles, information technology security specialist and EarthLink subscriber Michael Baumann said he found out about the action last weekend when his home server, used to filter e-mail to his children, went down.

The shutdown was done "to keep [any EarthLink subscribers] from relaying spam across other networks, and to prevent users from other networks from using our SMTP networks to relay spam," the EarthLink spokesman said.

"It's not an antispam measure," Baumann said. "If I were a spam-generating kind of guy, this would work great. Not only could I send all the spam I want, I wouldn't have to worry about those nasty replies."

Blocking the port doesn't prevent spammers from getting one or dozens of accounts with the service provider and sending spam until the provider closes the account, he said, but it does prevent subscribers from using their EarthLink accounts to access their work accounts.

Another subscriber, a vacationing systems administrator who asked not to be identified, tried using his EarthLink account to check critical servers in remote locations. "Alarms came back, telling me that all five of my SMTP servers were down," he said. "Telnets to Port 25 confirmed the situation." Only calls to the remote offices verified servers were functioning, he said.

EarthLink isn't the first service provider to restrict traffic. MindSpring Enterprises Inc. restricted its traffic last year, the EarthLink spokesman said.

The users who were affected are a tiny minority of EarthLink's more than 4 million subscribers, he said. MindSpring, which was acquired by EarthLink in September of last year and has 1 million subscribers, "got fewer than 100 calls, although they were very vocal," said the spokesman.

Blocking the two channels also is in line with guidelines suggested by the antispam group, Mail Abuse Prevention System LLC (MAPS) in Redwood City, Calif., said the EarthLink spokesman.

EarthLink supports MAPS and the use of its Realtime Blackhole List, a list of organizations that spam, permit spamming or are neutral to spamming, he said.

Other Internet service providers are following suit. A spokeswoman at Herndon, Va.-based RoadRunner LLC said the decision whether to implement RBL, which blocks e-mail from organizations on the list, is left to each of its 44 affiliates. "Corporate would support use of the list," she said.

Staff assigned to handle network abuse issues "spend most of their time dealing with spam-related issues," the EarthLink spokesman said.

EarthLink's own operations were the first to restrict traffic. Meanwhile, Sprint Corp., which has a minority stake in EarthLink, has also shut down the ports. All EarthLink networks will have the shutdown in place by the middle of next month, the spokesman said.

Why system administrators restrict traffic

When configuring a firewall, blocking inbound communications on Ports 25 and 80 is considered good practice.

Port 25 is used for Simple Mail Transfer Protocol (SMTP) traffic. Common e-mail programs send e-mail via SMTP and receive it via Post Office Protocol 3 (POP3), which uses Port 110.

A spammer could use Port 25 to send one e-mail with thousands of addresses to an Internet service provider's e-mail server, thereby using the provider's computer power to do its spamming.

By blocking inbound traffic on Port 25, a service provider can prevent that. However, it would have no effect on spamming by one of the provider's subscribers, because outbound e-mail traffic would be unaffected.

Port 80 is used for Hypertext Transfer Protocol (HTTP) traffic. It's how Web browsers and servers talk to each other.

Blocking inbound traffic over Port 80 prevents external users from using the port to reach and illegally use internal services.
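The administrator quoted above saw all five of his SMTP servers reported as down when the traffic was in fact being filtered. The following Python sketch is an added example, not part of the original article or any tool it mentions: it shows a Port 25 check that separates a refused connection from a filtered one. The function names, state labels and timeout are assumptions made for illustration.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Classify one TCP probe of an SMTP port from this vantage point.

    Returns (state, detail); state is one of:
      "up"       - connected and the server sent a 220 greeting
      "degraded" - connected, but no valid 220 greeting arrived
      "refused"  - host answered with a reset: reachable, nothing listening
      "filtered" - no answer at all: a firewall on the path may be dropping
                   the packets, so this alone does not prove the server is down
      "error"    - any other failure (DNS, no route, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "connection refused"
    except socket.timeout:
        return "filtered", "no response before timeout"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:  # includes a timeout while waiting for the greeting
            return "degraded", "connected, no greeting"
    if banner.startswith("220"):
        return "up", banner
    return "degraded", banner or "connected, no greeting"

def diagnose(states):
    """Summarise {target: state}. Every target filtered at the same time
    points at the network path (for example an ISP port block), not at
    simultaneous failure of every server."""
    if states and all(s == "filtered" for s in states.values()):
        return "suspect port filtering on this path; verify from another network"
    down = sorted(t for t, s in states.items() if s != "up")
    return "all up" if not down else "check: " + ", ".join(down)

if __name__ == "__main__":
    import sys
    # Hosts to probe are taken from the command line.
    results = {h: probe_smtp(h)[0] for h in sys.argv[1:]}
    print(results, "->", diagnose(results))
```

A monitoring job that raises "server down" only on "refused" or "degraded", and treats a blanket "filtered" result as a path problem, avoids the false alarm described in the article.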

Copyright © 2000 IDG Communications, Inc.
