ISPA on Spam. Block port 25 says Trend Micro
An article in silicon.com today is headlined "Spam storm needs ISP action, urges security chief", and so it does. ISPs have the ability to secure mail servers, making it next to impossible for spammers to exploit the weakness attributed to an unsecured mail server running in port 25, the port of choice for spammer attacks.
But the article also highlights David Rand, CTO of security company Trend Micro, who told silicon.com: "I absolutely believe this is the ISPs' responsibility. Yet top ISPs still aren't doing anything."
Rand said: "It's not like the ISPs can't tell this is going on. They can see all this on their networks."
So far so good. He's right. And it is obviously not lack of knowledge that stops the ISP from killing SPAM. But Rand is also quoted as saying that the blocking of port 25 will pretty much solve this problem. The article says:
Many leading ISPs currently refuse to take measures such as blocking port 25 traffic, a move which Rand claimed would affect very few users sending legitimate email, while blocking the port used to relay email via the internet on compromised machines.
But blocking port 25, the way, for example Now! Wireless Broadband does simply aggravates users who work form home and need to log in to the office's mail server to send mail, or who have multiple legitimate mail servers to which they need to go in order to send their email correctly. Experts tell Compliance and Privacy that "Blocking port 25 is naive in the extreme. Mail servers should be properly secured instead of blocking port 25"
Apart from this area, one which should concern everyone who uses the corporate email server from home (with no VPN or other system), or presumably on the move, from hotels, from wieless hotspots, the article has a great deal of validity. We commend it to you. But not the Port 25 part!
ISPA to Give Evidence on Personal Internet Security The Internet Services Providers' Association (ISPA UK) - the UK's leading Internet trade association – has been called upon to give evidence to the House of Lords Science and Technology Committee.
ISPA will aid the Committee in their Personal Internet Security inquiry. The inquiry has been prompted by increasing home computer use, broadband take-up and the growth of eCommerce and Internet banking.
ISPA Council members James Blessing, Chief Operating Officer at Entanet; Matthew Henton, Head of Marketing at Brightview and Camille de Stempel, Director of Policy at AOL, will be giving evidence to the committee on March 14th 2007.
The UK Internet industry has an excellent track record of making the ‘net safer through self-regulation. ISPA members regularly invest in educating customers by providing advice and guidance on Internet security issues, such as avoiding viruses, preventing their PCs from being hacked, and limiting and reporting spam.
Since the Committee's call for evidence in 2006, ISPA has submitted written evidence to the inquiry and held a Parliamentary Advisory Forum event in January 2007 on Personal Internet Security. The discussion was attended by Parliamentarians, government officials, law enforcement representatives and leading figures from industry, highlighting ISPA's commitment to a multi-stakeholder approach addressing the economic, technological and social issues of online security.
ISPA is currently drafting a series of Best Current Practice (BCP) documents advising ISPA members on various issues. Each BCP represents what ISPA considers to be best practice at the time of publishing.
Jessica Hendrie-Liaño, Chair of ISPA Council said “Tackling personal Internet security must be a joint effort between the Internet industry, the Government and significantly end-users. It is important that the nature of the Internet is understood and the success of the industry's hard work to date is acknowledged.”
|
