ingress SMTP

Jean-François Mezei jfmezei at
Thu Sep 4 06:05:52 CDT 2008

re: intercepting port 25 calls and routing them to the ISP's own SMTP

Consider an employee of working from home. he connects to's SMTP server to send mail, but his ISP intercepts the
connection and routes the email via its own. The email will then be sent
 by the ISP's SMTP server.

In a context where SPF has been implemented, it means that the email
will have been sent by an SMTP server that has not been authorized to
send emails from "" and thus rejected by the recipient, and
it is not clear how the rejection message would be handled.

Also, the ISP might not only intercept the call, but then reject the
email because it doesn't have a "from" from the ISP's domain.

Secondly, and more importantly. If you are dealing with mass market ISPs
who have clear "no servers" policies, then no customer would have
legitimate need to run an SMTP server from home.

However, there are smaller ISPs who do cater to SOHO /small businesses
and those would have legitimate needs to run their own SMTP servers, and
if the small ISP ends up using "last mile" from a large ISP, that large
ISP would be negatively impacting the smaller ISP's customers.

One option is to block port 25, but allow unblocking on an individual
basis to those who have fixed IPs or make a good justification to their
ISP that they need the port unblocked.

In terms of mass-market people using email services from the outside of
their ISP (hotmail, yahoo, gmail), then I guess port 587 would be the
required way to get it done).

More information about the NANOG mailing list