How Pervasive is ISP Outbound Email Filtering? 281
Erris writes "A member of the Baton Rouge LUG noticed that Cox checks the text of outgoing email and rejects mail containing key phrases. I was aware of forced inbox filtering that has caused problems and been abused by other ISPs in China and in the US. I've also read about forced use of ISP SMTP and outbound throttling, but did not know they outbound filtered as well. How prevalent and justified is this practice? Wouldn't it be better to cut off people with infected computers than to censor the internet?"
Re:Profit comes first (Score:3, Interesting)
If you don't filter, you get blocked. (Score:3, Interesting)
Re:Phrases (Score:3, Interesting)
Re:Text of posting (TFA) (Score:1, Interesting)
Holy WTF?!? (Score:4, Interesting)
I can understand and am sympathetic to ISPs who force outbound traffic to go through their servers. I'm not saying I agree with it, but I really do get what they're trying to accomplish. I also understand ISPs having spam filters on their outbounds, and think that's actually a pretty good idea. If you really need to send a virus so someone, then you should be technically competent to encrypt it or otherwise shield it from a scanner.
But never in a million years can I even remotely condone actually scanning the text of emails and rejecting ones an ISP doesn't like. That's just Evil.
Not just ISPs-- antivirus software too (Score:3, Interesting)
These limitations wouldn't be hit by your normal 1-or-2 emails at a time users. But for the rare legitimate high volume senders, like us, it was a problem. IT wouldn't let us turn off Norton alltogether (and rightly so, as we'd seen virii on our network in the past), and there was no way to selectively disable that "feature". Eventually we forced to make our outbound mail server listen on a different port, so that Norton wouldn't scan/lose the data.
At least with COX you get a notification saying that the message couldn't be sent, with Norton, the messages might just quietly disappear.
Re:Not Comcast (Score:5, Interesting)
I had to call their very rude Security Something Department, they said my options were
1. 'Use a different port because other ports can be secured while port 25 cannot be secured.'
2. Use the Comcast alternate port SMTP-AUTH Server (of which I don't know my login/password for)
I told them I wanted option 3:
3. Re-open port 25.
They decided to tell me that they could as a ONE TIME courtesy re-open the port, but 'it will probably be blocked again because the problem that caused it to be blocked probably wasn't fixed' (even after I told them that I had found the problem and fixed it, in addition to monitored all transmissions over port 25 for an hour)... So I fixed my OpenBSD firewall pf rules to only allow 'trusted' computers to only be able to contact MY email server, and access the whole internet unfettered, the 'guest' machines have access to web and a handful of other ports (none of which is 25)...
Moral of the story: Stop using windows...
Yep (Score:5, Interesting)
The difference, of course, is that I pay a good bit more. I'm not sure what a consumer level cable connection costs for 10mb/1mb but my understanding is it is somewhere in the range of $50/month. I pay more like $150/month for the business grade with 8 static IPs (the IPs do add a good portion of that).
However I'm ok with that. My usage is much in excess of what you'd get from a normal consumer, I'm ok with the fact that I have to pay for that. It's still not a bad price all things considered.
If you want the cheap consumer connections, then you need to deal with the consumer restrictions which usually include "no servers". It isn't as though they are being assholes and saying "No you can't ever do this," they are just saying "If you want to do this, you need a more pricey service."
Re:Kudos to Cox Communications (Score:4, Interesting)
You know, I'm getting sick of the prevailing attitude that ISPs and other "institutions" should limit legitimate activities with a technology and filter everybody's behaviour because some customers are bad apples (either intentially or through ignorance).
Don't penalise me and limit my activities - limit those who are adversly behaving. ie, block those that do have malware infected machines not mine! I do the right thing and protect my systems. Why should I should I be penalised by the highest common ignorance factor?
You are promoting this attitude by saying "We will do business with them because they bottled up their customers nicely and it saves us work" instead of "They have lower quality customers and have to bottle them. Not going to touch that crowd".
What am I saying? We live in a moddle-coddled world where nobody takes responsibility for they're own actions but instead focuses on fretting and controlling everybody else's actions. Arse above tit. With liberty comes responsibility.
Re:Not Comcast (Score:3, Interesting)
Re:Not Comcast (Score:3, Interesting)
This isn't just theory -- at an ISP I used to work at, we saw this happen. We started getting UCE complaints from other ISP's, but couldn't figure out how spammers were relaying through our server. We traced it down to one customer's e-mail account, but couldn't figure out how hosts from outside our netblock were relaying through our server. Finally, one of the admins noticed that SMTP-auth was turned on (it wasn't supposed to be). I've lost all faith in SMTP-auth on an ISP server since.
Comcast blocking shortened URLs in emails (Score:3, Interesting)
Re:Looking further... (Score:3, Interesting)
I haven't checked the Cox TOS lately, but don't they prohibit running a home web server like all the other residential internet providers?
They might. What does that have to do with this situation? It's very unlikely Cox has some kind of filter that looks for specific references to their own IP address pool, and filters out email with that criteria. It's just not worth the effort.
What's MUCH more likely is they have a spam filter that looks for email that looks like spam, i.e. "http://some-ip-address:some-port-number." Spammers do this all this time, real email very rarely so. The home-server TOS thing is just a red herring.
Re:Not Comcast (Score:1, Interesting)
Admittedly things have got better since Microsoft's developers got off their collective ass and started belatedly trying to mitigate the unspeakable damage their negligence has done to the Internet and the world as a whole, but why should we reward them for doing something they should have done 10 years earlier by continuing to use their platform? Too little, too late. There's really no reason to carry on using the operating system that brought us Miranda, Code Red, SQL Slammer, and a billion penis-enlargement emails. OS X is better for home users and Linux is better for corporate environments. Just move on.
Re:Not Comcast (Score:3, Interesting)
Re:Servers? (Score:3, Interesting)
How about; A computing device that accepts random, unsolicited connection from other computing devices". It's generally the kind of connection that a NAT router prevents unless especially set up to allow that. As part of the service, many ISPs supply a wireless NAT router which blocks incoming traffic from the local network.