How Pervasive is ISP Outbound Email Filtering?

Erris writes "A member of the Baton Rouge LUG noticed that Cox checks the text of outgoing email and rejects mail containing key phrases. I was aware of forced inbox filtering that has caused problems and been abused by other ISPs in China and in the US. I've also read about forced use of ISP SMTP and outbound throttling, but did not know they outbound filtered as well. How prevalent and justified is this practice? Wouldn't it be better to cut off people with infected computers than to censor the internet?"

  • by Chyeld ( 713439 ) <chyeld@gma i l . c om> on Thursday January 31, 2008 @06:26PM (#22253890)
    However, filtering also raises the "you are now liable for what they say to an extent" issue that the whole Safe Harbor thing was supposed to fix for ISPs and could definitely cost a huge pile more than just cutting access and losing customers.
  • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Thursday January 31, 2008 @06:26PM (#22253896) Homepage
    If an ISP doesn't filter their outgoing email to make sure that its own users aren't spamming, they WILL get blocked. I'm on a super-secret anti-spam mailing list which I can't tell you about, and everybody there cheerfully admits to blocking their own users' outgoing spam. It's necessary.
  • Re:Phrases (Score:3, Interesting)

    by Psychotria ( 953670 ) on Thursday January 31, 2008 @06:27PM (#22253936)
    No, but it is worrying. For example, I often have to resort to emailing people using PDFs which contain the bulk of my message because their stupid ISP marks me as spam. I think it is because a lot of my emails involve giving people advice on plant species names--which always makes me go "wtf" when my email bounces because it is "spam-like". Since when is giving a person advice on species "spam-like"? Maybe it's the Latin, I don't know. I don't use my ISP for outgoing email (I run my own email servers) but for those people who do... their emails better not be innocent because they'd probably be filtered as spam. Much better to write a long message about penis enlargement than something serious--it's more likely to pass through the filters.
  • by Anonymous Coward on Thursday January 31, 2008 @06:33PM (#22254034)
    You couldn't care less. Is this a US-centric thing? "I could care less" makes no sense and only Americans seem to use the absurd phrase.
  • Holy WTF?!? (Score:4, Interesting)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Thursday January 31, 2008 @06:40PM (#22254168) Homepage Journal

    I can understand and am sympathetic to ISPs who force outbound traffic to go through their servers. I'm not saying I agree with it, but I really do get what they're trying to accomplish. I also understand ISPs having spam filters on their outbounds, and think that's actually a pretty good idea. If you really need to send a virus to someone, then you should be technically competent to encrypt it or otherwise shield it from a scanner.

    But never in a million years can I even remotely condone actually scanning the text of emails and rejecting ones an ISP doesn't like. That's just Evil.

  • by cmburns69 ( 169686 ) on Thursday January 31, 2008 @06:46PM (#22254292) Homepage Journal
    Some antivirus packages also block some outbound email as well. At a previous company I worked for, we had to send out numerous survey invitations. Norton would quietly queue and scan all the outbound data (going to port 25)-- which worked in many cases. Except that it was slow. And there was no way of knowing how much data (if any) was still queued. And if the computer was restarted before Norton finished processing the queue, the data was silently lost (even though an "Accepted for delivery" message was returned to the sending program).

    These limitations wouldn't be hit by your normal 1-or-2 emails at a time users. But for the rare legitimate high volume senders, like us, it was a problem. IT wouldn't let us turn off Norton altogether (and rightly so, as we'd seen virii on our network in the past), and there was no way to selectively disable that "feature". Eventually we were forced to make our outbound mail server listen on a different port, so that Norton wouldn't scan/lose the data.

    At least with COX you get a notification saying that the message couldn't be sent, with Norton, the messages might just quietly disappear.

  • Re:Not Comcast (Score:5, Interesting)

    by squallbsr ( 826163 ) on Thursday January 31, 2008 @06:52PM (#22254396) Homepage
    I also have Comcast, I was able to send email over SMTP (port 25) any time I pleased. That was until my brother decided to bring his virus ridden, spam spewing, zombified Windows machine over and hook it up to my network (while he was house sitting). They promptly blocked port 25, I got home and couldn't send email.

    I had to call their very rude Security Something Department, they said my options were
    1. 'Use a different port because other ports can be secured while port 25 cannot be secured.'
    2. Use the Comcast alternate port SMTP-AUTH Server (of which I don't know my login/password for)

    I told them I wanted option 3:
    3. Re-open port 25.

    They decided to tell me that they could as a ONE TIME courtesy re-open the port, but 'it will probably be blocked again because the problem that caused it to be blocked probably wasn't fixed' (even after I told them that I had found the problem and fixed it, in addition to monitoring all transmissions over port 25 for an hour)... So I fixed my OpenBSD firewall pf rules to only allow 'trusted' computers to only be able to contact MY email server, and access the whole internet unfettered, the 'guest' machines have access to web and a handful of other ports (none of which is 25)...

    Moral of the story: Stop using windows... /flamebait
  • Yep (Score:5, Interesting)

    by Sycraft-fu ( 314770 ) on Thursday January 31, 2008 @07:13PM (#22254734)
    Cox does have business level cable and I've been quite happy with it. Used to use Speakeasy DSL but got spooked when Best Buy purchased them and switched to Cox. Thus far (little over a year) it has been great. I run 3 servers which do a moderate amount of traffic (maybe 50-100GB up a month) and have heard not a peep out of them. No ports are blocked that I can see, the servers run HTTP, HTTPS, SSH, IMAPS and SMTP between the group of them and it all works fine. They even have an SLA such that in extended downtimes you get monetary credit.

    The difference, of course, is that I pay a good bit more. I'm not sure what a consumer level cable connection costs for 10mb/1mb but my understanding is it is somewhere in the range of $50/month. I pay more like $150/month for the business grade with 8 static IPs (the IPs do add a good portion of that).

    However I'm ok with that. My usage is much in excess of what you'd get from a normal consumer, I'm ok with the fact that I have to pay for that. It's still not a bad price all things considered.

    If you want the cheap consumer connections, then you need to deal with the consumer restrictions which usually include "no servers". It isn't as though they are being assholes and saying "No you can't ever do this," they are just saying "If you want to do this, you need a more pricey service."
  • by rmerry72 ( 934528 ) on Thursday January 31, 2008 @07:16PM (#22254764) Homepage

    It would actually be irresponsible for Cox not to filter outbound mail traffic, since they are bound to have customers that run malware infected / zombied host computers.

    You know, I'm getting sick of the prevailing attitude that ISPs and other "institutions" should limit legitimate activities with a technology and filter everybody's behaviour because some customers are bad apples (either intentionally or through ignorance).

    Don't penalise me and limit my activities - limit those who are adversely behaving. ie, block those that do have malware infected machines not mine! I do the right thing and protect my systems. Why should I be penalised by the highest common ignorance factor?

    You are promoting this attitude by saying "We will do business with them because they bottled up their customers nicely and it saves us work" instead of "They have lower quality customers and have to bottle them. Not going to touch that crowd".

    What am I saying? We live in a molly-coddled world where nobody takes responsibility for their own actions but instead focuses on fretting and controlling everybody else's actions. Arse above tit. With liberty comes responsibility.

  • Re:Not Comcast (Score:3, Interesting)

    by Anonymous Coward on Thursday January 31, 2008 @07:32PM (#22254976)
    25 blocked ubiquitously here too. Instead of using cox's smtp service, I use the SMTP relay service at http://www.smtpport.com/ [smtpport.com] to tunnel regular smtp to my own company server through a nonstandard port. A decent workaround for when you don't have shell access or secure smtp. So far cox hasn't filtered or blocked it.
  • Re:Not Comcast (Score:3, Interesting)

    by element-o.p. ( 939033 ) on Thursday January 31, 2008 @07:50PM (#22255206) Homepage
    The problem with an ISP using SMTP-auth for connections outside their network is that SMTP-auth is only as secure as the least secure password used in your customer base. Given that people are generally lazy and prioritize convenience over security, that means odds are that any decent sized ISP *will* have at least one (and probably very many more) weak passwords, and *that* means that the ISP's mail server *will* be an open relay as soon as the spammers figure it out.

    This isn't just theory -- at an ISP I used to work at, we saw this happen. We started getting UCE complaints from other ISPs, but couldn't figure out how spammers were relaying through our server. We traced it down to one customer's e-mail account, but couldn't figure out how hosts from outside our netblock were relaying through our server. Finally, one of the admins noticed that SMTP-auth was turned on (it wasn't supposed to be). I've lost all faith in SMTP-auth on an ISP server since.
  • by 1sockchuck ( 826398 ) on Thursday January 31, 2008 @07:52PM (#22255244) Homepage
    According to the NANOG list (North American Network Operators Group), Comcast has been discarding emails that include a link created using EasyURL [merit.edu], one of many services designed to provide shortened URLs for email links. This could be an anti-spam policy, as URL forwarding through these services is sometimes used by phishing scams to obscure the link's true destination.
  • by Vellmont ( 569020 ) on Thursday January 31, 2008 @08:02PM (#22255398) Homepage

    I haven't checked the Cox TOS lately, but don't they prohibit running a home web server like all the other residential internet providers?

    They might. What does that have to do with this situation? It's very unlikely Cox has some kind of filter that looks for specific references to their own IP address pool, and filters out email with that criteria. It's just not worth the effort.

    What's MUCH more likely is they have a spam filter that looks for email that looks like spam, i.e. "http://some-ip-address:some-port-number." Spammers do this all the time, real email very rarely so. The home-server TOS thing is just a red herring.
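
The "http://some-ip-address:some-port-number" heuristic from the comment above, sketched as an added example that is not part of the thread and not any ISP's actual filter. The function names, the accept/flag/reject policy and the sample messages are all assumptions constructed for illustration; the point is that a message linking to a home server gets the same verdict as spam.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Candidate URLs: http(s) scheme up to whitespace or a closing delimiter.
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

def literal_ip_urls(body):
    """Return (url, host, port) for each http(s) URL whose host is an IPv4 literal."""
    hits = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:!?")  # drop sentence punctuation
        try:
            parts = urlsplit(url)
            host, port = parts.hostname, parts.port
            ipaddress.IPv4Address(host or "")  # raises ValueError for hostnames
        except ValueError:
            continue  # malformed URL, bad port, or an ordinary hostname
        hits.append((url, host, port))
    return hits

def outbound_verdict(body, standard_ports=(None, 80, 443)):
    """Hypothetical policy: IP-literal link on an odd port is rejected outright."""
    hits = literal_ip_urls(body)
    if not hits:
        return "accept"
    if any(port not in standard_ports for _, _, port in hits):
        return "reject"
    return "flag"

# Constructed sample messages (documentation address ranges, not real hosts).
SPAM = "Limited offer! Order now at http://203.0.113.7:8080/deal."
LUG = "Meeting notes are on my home box: http://198.51.100.23:8000/lug/notes.html"
PLAIN = "Agenda is at https://lug.example.org/agenda, see you Thursday."

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("lug", LUG), ("plain", PLAIN)):
        print(name, outbound_verdict(body), literal_ip_urls(body))
```

A filter built on this signal alone cannot tell the two rejected messages apart, so it needs either a second signal or a bounce that tells the sender why the message was refused.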
  • Re:Not Comcast (Score:1, Interesting)

    by Anonymous Coward on Thursday January 31, 2008 @08:08PM (#22255484)

    It's not Windows' fault that your brother connected his infected machine to your network.
    It is, however, Windows' fault that for a long time in the late '90s and early '00s Windows was a festering pit of security holes that practically begged spammers and other maltards to abuse it.

    Admittedly things have got better since Microsoft's developers got off their collective ass and started belatedly trying to mitigate the unspeakable damage their negligence has done to the Internet and the world as a whole, but why should we reward them for doing something they should have done 10 years earlier by continuing to use their platform? Too little, too late. There's really no reason to carry on using the operating system that brought us Miranda, Code Red, SQL Slammer, and a billion penis-enlargement emails. OS X is better for home users and Linux is better for corporate environments. Just move on.
  • Re:Not Comcast (Score:3, Interesting)

    by konohitowa ( 220547 ) on Thursday January 31, 2008 @08:41PM (#22255854) Journal
    A friend of mine uses Comcast in the Indianapolis area. I talked to him on the phone and he was surprised that I hadn't received an email from him. We went through several tests and concluded that Comcast was indeed scanning his outbound email and filtering items that hit some type of keyword filter. He was able to send the email only when he slightly altered the subject text. The annoying part of it was that it was a "silent" filter - he got no indication that the email had been rejected. It just went straight off to /dev/null (so to speak).
  • Re:Servers? (Score:3, Interesting)

    by arminw ( 717974 ) on Thursday January 31, 2008 @09:19PM (#22256296)
    .....So, what exactly, defines a server?.......

    How about: "A computing device that accepts random, unsolicited connections from other computing devices". It's generally the kind of connection that a NAT router prevents unless especially set up to allow that. As part of the service, many ISPs supply a wireless NAT router which blocks incoming traffic from the local network.
