The modern use of NAT poses a problem for users and reputation vendors alike.
Carrier Grade NAT is just NAT on a much larger scale.
Not only does Mister X not have that IP, he has just one port on one IP for the duration of that connection and not a moment after.
Starting with the dialup era and progressively getting worse with each generation, the internet clown infestation has always been a problem.
Ever since they started letting clowns on the internet, they have engaged in their hobby of sending mail to anyone and everyone.
With the advent of outbound port 25 blocking, clowns were effectively silenced in those areas of the world.
It is utterly unclear who is talking when all you can see is a bus that appears to be full of clowns.
The Clown Grade version has a pool of public IP addresses and significantly more households behind that.
Instead of one clown showing up to entertain your child on their birthday, the entire clown academy arrives.
In the distant past, when dialup was the problem, a spammer could dial in, start spamming and then disconnect when he had finished.
Should he get blocked during his spam run, he could simply disconnect, reconnect with a new IP and return to business as usual.
This is what spammers on certain large cloud providers do today - for exactly the same reasons.
Get blocked, get a new IP, continue merrily spamming.
These days with CGNAT, the spammer doesn't just have one IP at a time, he has the whole pool to spam from, funnelled through a single IP that is shared with a lot of innocent victims of their ISP's policy.
Every connection the spammer makes comes from a different IP in the pool and before you know it, everything is listed.
The most effective way to stop CGNATs being spam cannons and avoid getting them listed is to filter outbound connections to port 25 from their CGNAT pools.
Modern users do not need port 25 open; they should all be using SMTP Authentication with port 587 or 465.
Port 25 is only needed by mail servers and access to it should be restricted by default.
Limiting access to port 25 prevents all the infected devices behind the NAT from being able to successfully distribute their spam and malware-laden emails, and with the exponential rise in residential proxy networks, this becomes ever more important.
Closing port 25 will not fix their residential proxy problems, but it will definitely reduce support costs, reduce the spam load in the world and also reduce the spread of malware.
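The filtering policy described above can be replayed against CGNAT translation logs to see what it would have stopped. This is an added example, not code from the original article; the log format, the addresses (documentation ranges), the RFC 6598 subscriber range and the `allowed_relays` exemption list are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: subscribers sit in the RFC 6598 shared address space.
CGNAT_INSIDE = ipaddress.ip_network("100.64.0.0/10")
SMTP_PORT = 25  # server-to-server mail; 587 and 465 (authenticated) stay open

# Constructed NAT translation records; the three-column format is an assumption:
# inside_ip:port  public_pool_ip:port  destination_ip:port
SAMPLE_LOG = """\
100.64.10.5:40112 198.51.100.7:10233 203.0.113.25:25
100.64.10.5:40113 198.51.100.9:22871 203.0.113.26:25
100.64.10.5:40114 198.51.100.12:31007 203.0.113.27:25
100.64.22.8:51500 198.51.100.7:10240 203.0.113.40:587
100.64.31.2:49001 198.51.100.9:22900 203.0.113.41:443
100.64.31.2:49002 198.51.100.12:31050 203.0.113.40:465
"""

def host_port(field):
    host, port = field.rsplit(":", 1)
    return host, int(port)

def decide(inside_ip, dest_port, allowed_relays=frozenset()):
    """Drop port 25 from the CGNAT pool unless the source is an exempted mail server."""
    in_pool = ipaddress.ip_address(inside_ip) in CGNAT_INSIDE
    if dest_port == SMTP_PORT and in_pool and inside_ip not in allowed_relays:
        return "drop"
    return "accept"

def analyse(log_text, allowed_relays=frozenset()):
    """Replay the log through the filter and report what it would have changed."""
    dropped = Counter()      # blocked port-25 attempts per subscriber
    pool_ips_used = set()    # public pool IPs that carried port-25 traffic unfiltered
    accepted = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        inside, public, dest = line.split()
        inside_ip, _ = host_port(inside)
        public_ip, _ = host_port(public)
        _, dest_port = host_port(dest)
        if dest_port == SMTP_PORT:
            pool_ips_used.add(public_ip)
        if decide(inside_ip, dest_port, allowed_relays) == "drop":
            dropped[inside_ip] += 1
        else:
            accepted += 1
    return {"dropped": dict(dropped), "accepted": accepted,
            "pool_ips_used_for_smtp": sorted(pool_ips_used)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

In the sample, one subscriber's three port 25 connections left from three different pool addresses; with the filter in place all three are dropped while the 587, 465 and 443 connections pass.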
This Cyber News was published on www.spamhaus.org. Publication date: Mon, 08 Jan 2024 16:13:16 +0000