Egress Filtering?
Why do consumer broadband providers not do egress filtering, blocking TCP destination port 25? it's a very simple rule. No one but spammers need to run their own mail server out of a dynamically addressed ADSL pool. Legit users can relay through their ISP's mail servers, or use the SMTP submit port to send mail through other servers -- SMTP submit exists precisely for this purpose and presents no risk of non-relayed spam delivery.
Customers who need to run their own servers -- and to be clear this is at most like .0001% of a typical consumer ISP's customers -- can be placed on their own subnet, given static IPs, and not be made subject to egress filtering.
These policies and practices are almost trivial to assemble and would virtually end botnet spam originating from networks on which they're implemented. The ISP's mail servers could still relay spam from infected machines, but these mail servers also represent choke points where spam can be much more effectively filtered. ISP customers could be given the option to opt-in to ISP email accounts, and since lots of folks these days use webmail it's likely that many people wouldn't want or need ISP specific accounts. That would allow ISP mail servers to further restrict the volume of outgoing spam.
So I ask again, why is this not being done? Are PT Telkom Indonesia, PTCL Pakistan, Turk Telekom, Bharti Airtel India, and Vietnam Post and Telecom Corporation (and so many others) too incompetent? Too strapped for cash? Too indifferent? What is it?
Inquiring minds want to know.
Biting the hand that feeds IT
