Port 587 vs. 25 [was: DNS Hijacking by Cox]
Patrick W. Gilmore
patrick at ianai.net
Mon Jul 23 08:03:48 UTC 2007
On Jul 23, 2007, at 2:18 AM, Florian Weimer wrote:
> * Sean Donelan:
>> On Sun, 22 Jul 2007, William Allen Simpson wrote:
>>> Comcast still blocks port 25. And last week, a locally well-
>>> known person
>>> was blocked from sending outgoing port 25 email to their servers
>>> from her
>>> home Comcast service.
>>
>> MSA port 587 is only 9 years old. I guess it takes some people
>> longer
>> than others to update their practices.
>
> You missed the "to their servers" part (I don't think it's singular
> "they" 8-). At the intra-ISP level, submission vs. SMTP does not
> really matter because it's all local policy. If they block her on
> 25/TCP on their own servers, they can easily block her on 587/TCP,
> too.
They can, but they do not. AFAIK, not a single ISP redirects port
587 to their own servers.
Which is a good thing, since port 587 is usually backed by
authentication. Which means you know who sent the mail (or at least
which password was stolen to do so). And that is all people are
looking for at this level - some way to tell who sent the mail so it
can be stopped.
IOW: ISPs have no real reason to stop port 587, they do have a reason
(whether you agree it is sufficient or not) to filter port 25.
--
TTFN,
patrick
More information about the NANOG
mailing list