ISP port blocking practice

Steve Bertrand steve at ibctech.ca
Fri Oct 23 15:35:10 UTC 2009


Chris Boyd wrote:
> 
> On Oct 22, 2009, at 6:14 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote:
> 
>> My experience is that port 587 isn't used because ISPs block it
>> out-of-hand.  Or in the case of Rogers in (at least) Vancouver, hijack
>> it with a proxy that filters out the AUTH parts of the EHLO response,
>> making the whole point of using the submission service ...  pointless.
> 
> We use 587 quite a lot (with SMTP Auth and SSL/TLS), and have found
> _very_ few places block or proxy it.  We don't have any/many customers
> in Rogers service areas though.
> 
> The biggest reason people don't use it is that it requires some thought
> and tweaking settings in the "advanced" tab areas of many email
> clients.  Newer email clients are actually starting to look for
> submission port and SSL support and configuring it autmatically if they
> find it.
> 
> Once it's set up correctly we've found customers really like it since
> their email "just works" in most places.

I completely agree, and after all was said and done, well worth the effort.

Even today, if users use their age-old setup manual to set up an email
application, they can receive, but not send. We know why immediately
when they call in and state this, and we tell them to expect an email to
fix it, and then send them something like this:

http://eagle.ca/update/mail/Outlook_Express/index.html

...yes, believe it or not, even with the pictures, they will sometimes
still get it wrong ;)

Years in planning and implementation, but a good, large-scale learning
exercise and the achievement of no port 25 that I'm very proud of.

Steve






More information about the NANOG mailing list