Tuesday, 14 April 2009

Stumbleupon stumbles on

Stumbleupon is the latest to make my whinge list. After registering eons ago, and never revisiting the site or hearing from them since, I just got this email:
StumbleUpon | Discover Your Web. Here are this
week's most popular bHistory, Music, Guitar/b
sites recommended by people like you on
Your 5 Favorites
Followed by an email full of links, with this in the footer:
StumbleUpon sends these emails based on the
preferences you set for your account. Your use of
our service is subject to the StumbleUpon Terms of
Service http://www.stumbleupon.com/terms/ .
If you do not wish to receive weekly
recommendation e-mails, please login
and change the setting on your preferences page
Please note that it may take up to 14 days to
process your request.
Fourteen days? To process an automatic request? What are you doing Stumbleupon? Mailing the requests via Antarctica? Perhaps you're employing people to flip the bits manually to boost the economy...

Poll: What should I blog about?

Now that I get a few hits to this blog, I thought I'd let you decide what you would like to read.

I've created a poll you should see at the top of every page, until the end of April '09. Let me know what you would like to read. Comment if there should be more options. So far I have four votes!

Friday, 3 April 2009

Blocking port 25

I had a call from a friend complaining that they just purchased a wireless broadband stick (from Telstra using their Next-G network which is a HSDPA network using UMTS850MHz) and the could not send mail via their normal mail accounts.

A few minutes of checking found that Telstra and Bigpond block outgoing access to port 25 to anything other than their own mail servers.

The reasons are listed here [bigpond.custhelp.com] as well as at other pages. This post will list why their reasons are flawed, and how to get around them.

Flawed Reasoning

Bigpond claims they manage the use of port 25 to "to prevent spammers sending unsolicited email using [their] network." OK, that sounds fair enough at first glance, but when you realise how easy this is to get around (use a different port, for example) then this reason becomes redundant.

Bigpond claims that other ISPs are taking similar steps and that their changes have been "proven to prevent some types of spam activity". However spammers, like advertisers, attempt to stay ahead of the latest trends, and as soon as one method of spamming is blocked, they will use another. Also Internode (as an example) blocks port 25 by default, but lets you turn this feature off.

Furthermore, spammers are setting up real mail servers around the world. In conjunction with a tailored trojan that uses a different port to send mail, Bigponds efforts are useless. In fact Spam levels are back to 95% of all email traffic!

Finally, you could pay the extra money for a fixed IP address from Telstra, and they won't block the port. In my opinion, this is shameless money grabbing. Please explain why a user on a fixed IP address is not susceptible to a spam sending trojan or virus?

Perhaps the spam is purposefully malicious, and Telstra would like to know whose account to suspend? Telstra (along with most ISPs) keep detailed logs of traffic and authentications, so they can easily tell which user from a dynamic IP address was accessing which sites at any point in recent history, therefore static IP addresses are no easier to crack down on.

More Problems than Solutions

Bigpond says that you can use their Bigpond mail server to send mail, and thus get around the port block. You can in fact do this, and still have your email appear to come from you@yourhost.com (and not you@bigpond.com).

This solution is not ideal for two reasons:

1. Travelling
The frequent traveller, like my friend, is often on different networks. He must be able to use whichever network he is on and send / receive his normal email. To set up a different outgoing mail server, and perhaps a different profile (from whichever mail client he is using) for each network is both time consuming and pointless.

2. Your email looks like spam
When you send email where the FROM address is you@yourhost.com, but it goes through a different email server you@bigpond.com, the recipient's (him@friendsmail.com) mail server may block or mark your email as spam.

This is because exactly that technique (using a FROM address and mail server that do not match) is used by spammers to send spam. The recipient mail server checks the DNS records of the sender (yourhost.com), and if they don't match the originating server (bigpond.com), then your email may be deleted, rejected, or set aside.

Getting around it

OK, so what do you do to get around it? By far the best way is to authenticate with your mail server, and use a secure port. By using a secure port (usually not port 25) Bigpond won't block your outgoing mail. In fact this should work for many networks that block port 25.

You have the added advantage that your mail is probably encrypted, or at least your password will be (don't rely on this to encrypt sensitive emails though, as you can bet it will be transmitted in plain text at some stage of the process).

Is my mail server compatible?
The best thing to do is try! Different mail clients do this in different ways:

Evolution 2.24.5
Edit > Preferences > Mail Accounts > Edit > Sending Email > Use Secure Connection

Thunderbird 3.0b3
Edit > Account Settings > Outgoing Server > Edit > Connection Security

Outlook [including Express]
You have to edit your account settings from one of the main menus. You may have to then choose View or Change existing email accounts. Then select the account and choose Change; then more settings (I think) and then you should see a secure option. Note the SPA option is not what you're looking for here, although you can use it if supported.

If you get timeouts or errors sending mail, then try slightly different options (if you have a choice).
Copyright 2009 Another Blog. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan