Port 3555: Vipul's Razor — A Registered Port for a Dead Spam Fighter

Port 3555 is officially registered with IANA for Vipul's Razor — a collaborative, distributed spam-detection network that was active in the early 2000s. The project is now dead. The port assignment persists in the registry.

What Was Vipul's Razor?

Vipul's Razor was an elegant idea: instead of every mail server independently learning what spam looked like, why not share the knowledge?

When a user received spam, Razor would calculate a short cryptographic fingerprint (an SHA digest) of that message and submit it to a central catalogue. Other Razor clients around the world would then check incoming mail against that catalogue. If your fingerprint matched something already in the catalogue, the message was almost certainly spam — someone else had already seen it and reported it.

It was a collective immune system for email. The more people who reported a piece of spam, the faster everyone else could block it.

The network used a reputation system too. Reports carried more weight from users who had established a track record of accurate submissions. This guarded against bad actors trying to poison the catalogue. ¹

The Port

Razor v2 used port 3555 (TCP) to communicate between clients and the Razor Catalogue Servers. The protocol exchanged Structured Information Strings — a URI-like format — and supported pipelining, meaning clients could keep a persistent connection open rather than doing a full TCP handshake for every single spam check. ²

For a system designed to be queried on every inbound email, that kind of connection efficiency mattered.

What Happened to It

Razor was developed by Vipul Ved Prakash and Chad Norwood, initially released around 2002. It was popular enough that SpamAssassin — one of the most widely deployed spam filters ever built — integrated Razor as one of its scoring mechanisms. If Razor recognized a message, SpamAssassin would add points toward its spam score. ³

The infrastructure was eventually taken over by Cloudmark, a commercial email security company. As spam techniques evolved — personalized spam, image spam, spam that evaded fingerprinting — systems like Razor became less effective. The open-source project stalled. The GitHub mirror of the Perl client is explicit about its current state: "We now consider the parent project to be dead." ⁴

Port 3555 still appears in the IANA registry. The servers it was meant to reach are gone.

Is Anything Else Using Port 3555 Today?

No widely documented unofficial use exists for port 3555. If you see traffic on this port on your network, it is most likely one of:

• Legacy mail servers still running old SpamAssassin configurations that try (and fail) to reach Razor catalogue servers
• Custom application development using this port by coincidence
• Something worth investigating

How to Check What's Using This Port

On Linux or macOS:

# Show what process is listening on port 3555
ss -tlnp | grep 3555

# Or with lsof
lsof -i :3555

On Windows:

netstat -ano | findstr :3555

Check from outside your machine:

# Test if port 3555 is open on a remote host
nc -zv hostname 3555

The Registered Port Range

Port 3555 sits in the registered ports range (1024–49151). ⁵ These ports:

• Are assigned by IANA to specific services upon application
• Can be used without root or administrator privileges (unlike well-known ports 0–1023)
• Are intended to reduce conflicts between applications

Unlike the ephemeral range (49152–65535), which systems use for temporary outbound connections, registered ports are meant to be stable addresses for known services. Port 3555 has a stable address. It just doesn't have a service anymore.