TELECOM Digest OnLine - Sorted: Re: Using Comcast to Host Web Site


Re: Using Comcast to Host Web Site


Robert Bonomi (bonomi@host122.r-bonomi.com)
Fri, 01 Jul 2005 04:11:21 -0000

In article <telecom24.303.9@telecom-digest.org>, Michael D. Sullivan
<userid@camsul.example.invalid> wrote:

> Rob Stampfli wrote:

>> In article <telecom24.300.15@telecom-digest.org>, William Warren
>> <william_warren_nonoise@comcast.net> wrote:

>>> Comcast has been blocking port 80 (HTTP) for a while now, and they've
>>> recently started blocking port 25 (SMTP) as well. IMNSHO, it's only a
>>> matter of time before they start blocking all syn packets and charging
>>> extra for ANY incoming connection, but for now you can do it with some
>>> workarounds.

>> With cable's relatively limited upload speed, I can readily understand
>> blocking inbound port 80, where the traffic distribution is highly
>> skewed towards outbound packets. But why inbound port 25? It can't
>> be to prevent spam from infected PCs since they don't use it. Inbound
>> port 25 can only be used to receive mail and one could argue that
>> whether you receive your mail via SMTP (port 25), or POP or IMAP or
>> otherwise, the bits have to eventually flow in one way or another.

>> So, why block port 25? The only answer I can come up with is "just
>> for spite".

> I suspect it's *outbound* port 25 that is blocked, to prevent zombie
> machines and active spammers from using their own SMTP servers to send
> email directly to their victims' ISPs' MTAs. Many ISPs block outbound
> port 25, requiring most users to go through the ISP's SMTP server to
> send email, which can have limits imposed in an effort to deter spam.

> It could also be a block of inbound port 25, to prevent zombie
> machines from acting as open relay SMTP servers, but if outbound port
> 25 is blocked, those zombies couldn't send the mail that is sent to
> them for relaying, so there is no need to block inbound port 25.

Unfortunately, that is *NOT* true.

Spammer use of "asymmetric routing" has shown there _is_ a need for
blocking inbound port 25, as well.

>> For that matter, the whole concept of "no servers" has always seemed
>> flawed to me: Technically, sshd and telnetd are servers. Does Comcast
>> really desire to have a policy of preventing one from contacting a
>> home machine when they are travelling?

I can't speak for Comcast specifically, but (at least some) other providers
with a 'no servers rule' *do* intend that, as well as prohibiting the
'bandwidth hogging' uses like a music download service.
