Saturday, May 1, 2010

Evacuating Port 25

Yesterday morning, I got the automated phone call that millions of other Internet users have been getting. The message told me that my Internet service provider was cutting off access to Internet e-mail in its most standard form. To be specific, after June 1, my ISP will block e-mail sent from any computer in a home or small business using port 25. Going forward, only large corporations and Internet providers will be able to use port 25. Most ISPs have made this move already. It’s a problem, though, because port 25 is traditionally the port designated for sending e-mail.

The reason Internet providers have decided to get everyone out of port 25 is that most e-mail that comes across on port 25 is spam. The same could be said, though, of almost any point or component of the Internet e-mail system. If about 99.9 percent of Internet e-mail is spam, then there aren’t many places where e-mail is sent or received where more than half of the e-mail messages are legitimate.

For ordinary Internet users, there are work-arounds, other ways to send e-mail. We are having to evacuate port 25 and use other ports or other protocols instead. This can be a slight inconvenience, but the broader significance of the move is more troubling. What it means is that Internet providers are losing the e-mail war. Spammers are overwhelming the e-mail system, and Internet providers are in retreat. You don’t have to know what an Internet port is to know that it’s a problem to lose one of them to the outlaws. On the Internet, as on the ocean, the number of ports available is not unlimited, and if we cede one port to the outlaws now, it is just a matter of time, perhaps as little as five years, before they control all of them.

Eventually, the Internet e-mail system will completely break down, and I don’t think it will come as a great shock to the world when it happens. People are already moving away from Internet e-mail. It’s a nice thought that you can exchange messages with anyone in the world, but people prefer to get most messages from people they know, and e-mail sent over social networks now exceeds the volume of legitimate e-mail sent over the Internet.

Some e-mail engineers believe, despite all evidence to the contrary, that “port 25 blocking” will save e-mail. Others are mistakenly pinning their hopes on various of the failed ID initiatives of the past decade, including the two that helped make AOL a non-player in the Internet e-mail business. It’s proof that engineers are capable of nostalgia, but it doesn’t help us arrive at the answer. Ultimately, the current e-mail system is not flexible enough to survive, and we can only hope that network security engineers are consulted when its replacement is designed.