SMTP Blocking

by on November 15, 2007 · 17 comments

In response to a post I did on Verizon’s obnoxious DNS policies, a Techdirt reader writes:

Verizon DOES block your ability to use 3rd-party mail servers. GMail is web-based, son. A server at a friend’s ISP, connecting over port 25, is BLOCKED by Verizon, period end of story.

Now, I use another port and so go my merry way, but Verizon, having blocked port 25, can block any ports they wish under the same guiding principle. Verizon sets limits.

And another reader responds:

Isn’t that standard practice? To (somewhat) prevent spoofing email, ISPs require outbound mail to go through in-house servers, but inbound on port 110 can be any source you have access to.

Does anyone know if this is true? I’ve occasionally encountered Wifi connections in hotels or coffee shops that block outbound SMTP, but I’d always assumed that real residential ISPs don’t do that sort of thing. Such a policy does little or nothing to combat spam, but it sure is a pain in the butt for those of us who use real mail clients and don’t use our ISP’s SMTP servers.

Relatedly, would such a policy be a violation of network neutrality? It sure seems like it violates the letter of Snowe-Dorgan, which would imply that thousands of annoyingly-configured hotspots would instantly become illegal if network neutrality regs passed.

  • Chuck Jackson

    I believe blocking port 25 is a common practice. I think that the Canadian antispam commission of a few years ago recommended it. Given that there is an alternate port for the same function (except authenticated) every ISP should block port 25.

    Chuck

  • http://eldiabloenlosdetalles.net Carlos

    Blocking port 25 is definitely a common practice, Tim. See, for example:

    http://wiki.dreamhost.com/KB_/_Email_/_POP3/IMAP/SMTP_Servers#Does_my_ISP_block_port_25.3F

    Cheers.

  • Larry

    It does help combat spam by forcing residential customers to send mail through the ISP’s servers, which can set limits on outgoing mail. (Otherwise, malware running on a home computer can dump spam to any SMTP server on the Internet.)

    A good ISP will support sending mail on the submission port (587), using SMTP AUTH. If you configure your mail clients this way, then you should be able to send mail without reconfiguring, regardless of what WiFi system you’re using.

  • http://techdirt.com/ Mike Masnick

    AT&T definitely blocks using any other smtp server on port 25 (and, often annoyingly, will limit how many legit emails you can send out over a certain period of time). You can request an allowance of a specific mail server, but the process is crazy complicated. It’s best to just sneak around them entirely.

  • Timon

    This is true with ATT. I can connect to my own server over SSL on port 465, this seems to work for the outgoing blocking problem, and works at cafes etc too.

  • dimitris

    Oh, it gets even nicer. I’ve experienced a WiFi hotspot (T-Mobile) which was attempting to transparently proxy – i.e. spoof – outbound SMTP connections on port 25.

    I’m also aware of at least one, non-US, residential DSL ISP which was (and still is, to the best of my knowledge) spoofing port 25 in the same way.

    So far, I haven’t come across any bit-pusher that has attempted to block port 587, and I only use SSL/TLS over that anyway. I also have access to a SMTP server with a custom port.

  • Fishbane

    Yes, this is common. And as Dimitris notes, some try to bridge/proxy the connection, even with SMTPS, which really creeps me out.

    After getting sick of dealing with this (I run my own few machines for personal/professional use, and travel a lot consulting with small businesses, who frequently use retarded consumer-grade bandwidth), I just started using ssh port forwarding on a nonstandard port.

    But try explaining this to someone who doesn’t geek about for a living.

    Without taking a stand on the whole NN thing (which is really meaningless, without defining terms), filtering and/or monitoring my traffic based on port numbers is evil. It may make the pointy hairs happy. It may be that from a pure utility perspective, it cuts down on spam, or P2P, or whatever the current evil is. But if I want to spam from a client site or a hotel network, you’re not going to stop me, at least that way. (Note: I don’t want to.) It just drives an arms race, complicates networks, confuses consumers, and makes everyone’s life hell.

  • http://hobbywedkarstwo.blogspot.com/ Tom

    Thanks for information :)
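
The conditions described in the comments above (port 25 blocked, submission on 587 with SMTP AUTH, a hop that answers in the real server's place) can be told apart before a mail client sends any credentials. This is an added example, not code from the post or its commenters; `check_submission_path`, `start_fake_proxy` and the `.invalid` host names are constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


def check_submission_path(host, port=587, timeout=5.0):
    """Classify the path to an SMTP server before any SMTP AUTH is attempted.

    Returns 'blocked', 'starttls-missing', 'tls-untrusted' or 'ok'.
    """
    try:
        client = smtplib.SMTP(host, port, local_hostname="probe.invalid",
                              timeout=timeout)
    except (OSError, smtplib.SMTPException):
        return "blocked"               # refused, filtered or timed out
    try:
        client.ehlo()
        if not client.has_extn("starttls"):
            return "starttls-missing"  # credentials would cross in cleartext
        # The default context verifies the certificate chain and host name,
        # so a box answering in the real server's place fails here.
        client.starttls(context=ssl.create_default_context())
        return "ok"
    except ssl.SSLError:
        return "tls-untrusted"
    except (OSError, smtplib.SMTPException):
        return "blocked"               # session dropped part-way
    finally:
        client.close()


def start_fake_proxy():
    """Constructed stand-in for an intercepting hop: plain SMTP, no STARTTLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 proxy.invalid ESMTP\r\n")
            conn.recv(1024)            # client's EHLO
            conn.sendall(b"250-proxy.invalid\r\n250 SIZE 1000000\r\n")
            conn.recv(1024)            # returns once the client closes
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A result of `starttls-missing` or `tls-untrusted` from a server that is known to offer STARTTLS with a valid certificate means something on the path is answering for it, and the client should not authenticate over that connection.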
