South Korea to ask ISPs to block port 25 traffic

Posted by   Virus Bulletin on   Nov 15, 2011

Experts sceptical about long-term effects on spam levels.

South Korea intends to require ISPs to block all outbound traffic on port 25 from anything but the "official" mail servers, hoping to help the global fight against spam and to improve the country's reputation as a spam-friendly country.

The blocking of port 25 has long been considered a good practice and many ISPs worldwide already do so. It stops the most basic kind of botnet spam: direct-to-MX spam, where a compromised PC makes a direct connection to the recipient's mail server to send spam.

Because of its large population - most of whom are connected to the Internet via a high-speed connection - it is little surprise that South Korean Internet users are a popular target among cybercriminals who can use compromised machines in the country to send a lot of spam. If implemented, it is likely that this regulation will improve the situation in the country.

However, experts think that in the long run this will not make a big difference. They point out there are other ways for spammers to send spam from compromised machines, such as via proxies or via the official mail servers. They also suggest that ISPs can do more to track malicious traffic on their networks, such as perform transparant spam filtering and monitoring of DNS traffic.

More at the BBC here, with comments from ZDNet here and from Mailchannels here. Naked Security's latest 'dirty dozen' list of top spam relaying countries showed South Korea in second place here.

Posted on 15 November 2011 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light…

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target…

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.