 Markie
join:2003-07-26 Kalispell, MT | Boo
Boo to that. Punishing the innocent is never a cool thing. Kick off the spammers, don't block ports for the rest of us. This ought to be a bigger target of the net neutrality folks... |
|
  birdfeedr Premium,MVM join:2001-08-11 Warwick, RI
·Verizon FIOS
1 edit | Finally...
I've received quite a few bounced-as-undeliverable messages simply because I use a verizon.net address. Spamhaus defines the blocklist, other ISPs use it.
So I get punished for the mistakes of others. Could be a problem though. We'll have to see if they lock it down to prevent me from using SMTP to my domain.
But something has to be done.
Here's a link to a tutorial that might be useful for understanding port 587. »blogs.3sharp.com/deving/archive/···730.aspx |
|
  swintec Premium join:2003-12-19 Alfred, ME
·RapidVPS
·surpasshosting
·Sprint Mobile Broa..
·VoicePulse
·RoadRunner Cable
| Time Warner Too?
I wonder if Time Warner will follow suit. They have port 25 open, which I use to access my server's mail. I send quite a bit... Judging by the graph, TW is in the top three. Will have to wait and see, I guess. -- Block Accounts | UseNet Now |
|
  Tweak Premium join:2002-06-08 Oklahoma City, OK
·Cox HSI
| reply to Markie Re: Boo
Are you joking? Blocking outbound port 25 is one of the most effective methods in combating spam. Net neutrality is not about dictating how ISPs should run their networks. Net neutrality is about making sure traffic is treated equally and not discriminated against for competitive reasons. |
|
 PapaMidnight
join:2009-01-13 Baltimore, MD 1 edit | I think he's more in reference to the block on port 80. But no argument about the latter part.
Edit: TLS or SSL are always options. |
|
 neufuse
join:2006-12-06 Indiana, PA | 587?
Why is the push to port 587? Is there something special about this port? Comcast already uses it, now Verizon. Why 587 specifically? |
|
 AVonGauss Premium,MVM join:2007-11-01 Boynton Beach, FL | About time...
About time... |
|
  jackknife
join:2001-02-24 Phoenix, AZ clubs: | reply to neufuse Re: 587?
Because 587 is also an SMTP port... Why make up a number when a standard port already exists? |
|
  vpoko Premium join:2003-07-03 Jamaica Plain, MA
| reply to neufuse
587 is defined as the ESMTP email submission port per RFC 2476 (»tools.ietf.org/html/rfc2476). RFC 3207 (»tools.ietf.org/html/rfc3207) defines the use of transport-layer security over this port. |
|
  jlivingood Premium,VIP join:2007-10-28 Philadelphia, PA
| External References
Not commenting as a Comcast person, just a messaging guy (I am at a meeting of MAAWG today - and the author of the article gave the keynote).
Relevant references, for those interested:
MAAWG recommendations on port 25 @ »www.maawg.org/port25
IETF RFC 5068 / BCP 134 @ »www.ietf.org/rfc/rfc5068.txt
Jason -- JL Comcast |
|
 cornelius785
join:2006-10-26 Worcester, MA
| i've got an idea
From my experience of getting internet access from a college network, I think it would be a great idea to simply turn off internet access to someone that has an infected system. At the very most, there should be a 24 hour notice. Whenever there was suspicious activity on your computer, the network admins would shut your port off. |
|
  KoolMoe Aw Man Premium join:2001-02-14 Annapolis, MD clubs:
·Verizon FIOS
·Speakeasy
| reply to swintec Re: Time Warner Too?
So...since I have my own server at a datacenter that hosts my domains and email (me@mydomain.net), when VZ locks out port 25, I'm not going to be able to send mail out through my own mail servers anymore...right?
So I'll have to send out via Verizon's mail servers...correct? Ok...but there won't be any sender authentication, right? So VZ's SMTP server isn't going to refuse to send my emails because the From is not a 'verizon.com/net' address, right?
Argh. KM |
|
  swintec Premium join:2003-12-19 Alfred, ME
·RapidVPS
·surpasshosting
·Sprint Mobile Broa..
·VoicePulse
·RoadRunner Cable
| Not at all....Instead of port 25 in your email client for outbound mail, change it to port 587 and you will be back in business with your own server. -- Block Accounts | UseNet Now |
|
  tschmidt Premium,MVM join:2000-11-12 Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..
| reply to Tweak Re: Boo
said by Tweak: Are you joking? Blocking outbound port 25 is one of the most effective methods in combating spam.
How does blocking outbound Port 25 help? I agree inbound but fail to see what blocking outbound port 25 accomplishes.
What it will do is annoy customers like me that have a hosted domain and use an off-network SMTP server.
/tom |
|
  N O Y B St. John 3.16
join:2005-12-15 Forest Grove, OR
4 edits | Nonsense
Wow, that article is full of misleading and incorrect information. Just one example is that port 25 does not require authentication and that 587 does. That is so stupid; authentication is not a port dependency. For example when you use an SMTP client to send mail via outgoing.verizon.net on port 25 you have to authenticate. That is the way it is already right now today and has been that way a very long time if not from the beginning. However external mail servers exchange mail between each other and to/from relay.verizon.net on port 25 without any authentication. See authentication has nothing to do with the port number being used.
Even the statistics are skewed by the differing size of each ISP's customer base. The right metric would be CBL's per million subscribers. Believe that metric would show a more even distribution.
Block port 25 where? Inbound on customers service, outbound on customer service, customer service to/from relay.verizon.net, customer service to/from non verizon.net locations (third party and/or personally owned and operated SMTP servers), etc. etc. etc.? What are the specifics of the port 25 block?
Verizon already "blocks" outbound email from residential service to mail exchange servers by having those IP addresses listed in the Spamhaus PBL (Policy Block List). Any mail exchange server operator can use this to automatically look up and reject all messages coming from those addresses. If mail exchange server operators do not make use of it, that is their, and their customers', problem. It would be interesting to know if Spamhaus uses their own PBL to filter out clients from their CBL data collection processes. I think if they did, the CBL would not have nearly as many Verizon.net entries.
It is a little difficult to discuss this without knowing the specific details of where and how they are going to block port 25, details which the article is conveniently omitting.
-- Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/ |
|
  Anonymous_ Anonymous Premium join:2004-06-21 127.0.0.1 clubs:
·RoadRunner Cable
·Time Warner Cable
·Time Warner VOIP
| reply to swintec Re: Time Warner Too?
said by swintec: I wonder if Time Warner will follow suit. They have port 25 open, which I use to access my server's mail. I send quite a bit... Judging by the graph, TW is in the top three. Will have to wait and see, I guess.
TWC will shut down your internet within 24 hours of being reported |
|
  RARPSL
join:1999-12-08 Suffern, NY
| reply to PapaMidnight Re: Boo
said by PapaMidnight: TLS or SSL are always options.
NO they are not since VZ does not support SSL on their POP or SMTP Servers (and does not support the SMTP-over-SSL and POP-over-SSL Ports [465 and 995 respectively]).
BTW: The blocking of Port25 is for attempts to connect to Non-VZ SMTP MSA Servers (Mail Injection from Clients) when using VZ connectivity. The activation of Port587 is good news since it means that you can now securely use the VZ MSA Servers when connected to some other Network (such as a WiFi or Hotel) where your UserID/PW can be monitored/stolen.
Even Better would be if VZ provided SSL support (as mentioned above). |
|
  RARPSL
join:1999-12-08 Suffern, NY | Receiving Email via Port587?
The article has a major goof in that Port587 is used to SEND Email (in lieu of Port25). Receiving Email is via POP Port110 or 995 (the latter is POP-over-SSL) or IMAP Ports 143/993 (normal or with SSL sessions). |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to tschmidt Re: Boo
said by tschmidt: How does blocking outbound Port 25 help? I agree inbound but fail to see what blocking outbound port 25 accomplishes.
Outbound port 25 access allows a Verizon subscriber to access port 25 on a remote host. Such as an infected Verizon user's computer connecting to my mail server on port 25. If Verizon blocks outbound port 25 access, that means no 'bots on Verizon customers' infected computers can connect to my server.
The spammer does not need inbound port 25 access to the infected computer; any of the 65,535 TCP ports will suffice. But they can't get to the target gateway mail server from the Verizon network if the Verizon network chokes off port 25.
I watched the logs on my server, and, in 2004, SBC was the worst, followed by Comcast. In 2005, both SBC and Comcast implemented some form of blocking of outbound port 25. SBC opted for a blanket block on all users, and dubious connections from residential SBC IP addresses dropped dramatically. Comcast implemented a reactionary approach; block their subscribers when excessive SMTP activity was detected.
SBC dropped off the radar, and Comcast fell to near last place; Road Runner and Verizon became the top dogs in my dirty list.
The most recent rewrites of the email RFCs more clearly specify that port 25 access should be only used for mail transfer by email services, and that end user message submission should be done over port 587. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to KoolMoe Re: Time Warner Too?
said by KoolMoe: So...since I have my own server at a datacenter that hosts my domains and email (me@mydomain.net), when VZ locks out port 25, I'm not going to be able to send mail out through my own mail servers anymore...right?
If you control the message submission port of the servers yourself, you can change them to any port not blocked by Verizon. If your hosting provider controls the message submission ports, you just have to point them to RFC 5321, which specifies that port 587 is the preferred message submission port, and to RFC 4409, which defines port 587 as the message submission port. Once your servers are properly configured to use the RFC specified message submission port, it won't matter that Verizon blocks outbound port 25. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
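The client side of the port 587 advice in this thread, as an added example that is not part of any post: the client reads the EHLO capabilities, upgrades with STARTTLS (RFC 3207) and authenticates only once the session is encrypted, so the password never crosses a shared network in clear. The host name mail.example.net, the sample replies and the helper names are assumptions made for the illustration.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
PLAIN_587 = "250-mail.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n"
AFTER_TLS = "250-mail.example.net\r\n250-SIZE 52428800\r\n250-AUTH PLAIN LOGIN\r\n250 HELP\r\n"
NO_TLS = "250-mail.example.net\r\n250-AUTH PLAIN LOGIN\r\n250 HELP\r\n"

def parse_ehlo(reply):
    """Parse a raw multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO line: {line!r}")
        words = line[4:].split()                  # drop "250-" or "250 "
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def auth_decision(caps, tls_active):
    """Next client step on a submission session: STARTTLS, AUTH or ABORT."""
    if not tls_active:
        # Never send a password in clear: upgrade first, or give up.
        return "STARTTLS" if "STARTTLS" in caps else "ABORT"
    return "AUTH" if caps.get("AUTH") else "ABORT"

def features(session):
    """Convert smtplib's parsed capabilities to the parse_ehlo() shape."""
    return {k.upper(): v.upper().split()
            for k, v in session.esmtp_features.items()}

def submit(host, user, password, msg, port=587):
    """Send msg (an email.message.EmailMessage) via a submission server."""
    ctx = ssl.create_default_context()   # verifies certificate and host name
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.ehlo()
        if auth_decision(features(s), tls_active=False) != "STARTTLS":
            raise RuntimeError("no STARTTLS offered; password not sent")
        s.starttls(context=ctx)
        s.ehlo()                         # capabilities are re-read after TLS
        if auth_decision(features(s), tls_active=True) != "AUTH":
            raise RuntimeError("no AUTH offered after STARTTLS")
        s.login(user, password)
        s.send_message(msg)
```
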