Amazon Web Services (AWS) now blocking block port 25

Amazon recently made a change affecting AWS/EC2 users. As of January 27, 2020, new EC2 instances will no longer have port 25 access to the world. This means that by default, they won't be able to send email.

Why? Spamhaus notes: "In early 2020, a critical tipping point was reached; over 50% of Spamhaus’ CSS listings were made up of IPs that existed on two autonomous system (AS) numbers; AS16509 and AS14618. Both of these AS numbers are used by AWS."

Meaning that half of the entries in Spamhaus' automated CSS spam blacklist were IP addresses hosted on AWS. Based on the graph shown by Spamhaus, this suggests that CSS perhaps listed 2.5 million bad acting IP addresses at some point in January, and that a whole half of those (1.25 million) may have been AWS IP addresses. Those are rough guesses at the math on my part, don't take those numbers as proven.

Spamhaus notes that the new Amazon policy is already having a positive effect, with CSS listings of AWS IP addresses dropping significantly since high points in January.

AWS blocking port 25 by default doesn't mean that AWS customers won't be able to send email. Customers can submit a "Request to Remove Email Sending Limitations" support ticket to have the limitation lifted.

I'm assuming this still stops a lot of spammers, as they'll now have to tell Amazon that they intend to send emails and this may give Amazon notice to pay attention to reputation metrics regarding mail sent from those AWS IP addresses. And that spammers looking to automate their spam engines without having to request permission first will now go look elsewhere.
Post a Comment