Outgoing SMTP Servers

John van Oppen jvanoppen at spectrumnet.us
Wed Oct 26 21:12:07 UTC 2011

On our retail footprint we block outbound traffic from customers with dynamic IPs towards port 25; our support tells them to use their ISP's port 587 server. That being said, since all of our home users have 50 Mbit/sec or greater upload speeds, we are pretty paranoid about the amount of spam that could be originated.

We don't block anything on static assignments. Honestly, even as a very geeky user, I probably would not have noticed the block, and I can confirm that it is massively important to lowering our spam footprint as a network.

I asked our support people, and none of them had ever really had an issue with this policy in terms of keeping customers. I agree with Ricky's current comment on this thread; blocking is unfortunately necessary on the modern consumer portions of the internet.

John van Oppen

-----Original Message-----
From: Owen DeLong [mailto:owen at delong.com] 
Sent: Monday, October 24, 2011 9:37 PM
To: Dennis Burgess
Cc: nanog at nanog.org
Subject: Re: Outgoing SMTP Servers

On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:

> I am curious about what network operators are doing with outbound SMTP
> traffic.  In the past few weeks we have run into over 10 providers,
> mostly local providers, which block outbound SMTP and require the users
> to go THROUGH their mail servers even though those servers are not
> responsible for the domains in question!  I know other mail servers are
> blocking non-reversible mail, however, is this common?  And more
> importantly, is this an acceptable practice?

It's both unacceptable in my opinion and common. There are even those
misguided souls that will tell you it is best practice, though general agreement,
even among them, seems to be that only 25/tcp should be blocked and that
465 and 587 should not be blocked.

> Most of our smaller ISPs that we support; we allow any outbound SMTP
> connection, however we do watch residential users for 5+ outbound SMTP
> connections at the same time.  But if the ISP has their own mail
> servers, and users wish to relay through them, we basically tell them to
> use their mail server that they contract with.  What is the best
> practice?

Best practice is to do what works and block as much SPAM as possible without
destroying the internet in the process. There are those who argue that blocking
25/tcp does not destroy the internet. By and large, they are the same ones who
believe NAT was good for us.
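
The concurrent-connection watch mentioned in the quoted question (flagging residential users with 5+ outbound SMTP connections open at the same time), shown as an added example that is not part of any poster's message. The flow-record layout, function names and sample addresses are assumptions constructed for illustration; only 25/tcp is counted, so submission traffic on 465 and 587 is never flagged.

```python
from collections import defaultdict

SMTP_PORT = 25   # only 25/tcp is watched; 465 and 587 are ignored
THRESHOLD = 5    # "5+ outbound SMTP connections at the same time"

# Constructed flow records: (source IP, destination port, start s, end s).
# Addresses come from the RFC 5737 documentation range.
SAMPLE_FLOWS = (
    # six overlapping connections to port 25: should be flagged
    [("198.51.100.10", 25, t, t + 60) for t in range(6)]
    # six back-to-back connections to port 25: a busy but serial sender
    + [("198.51.100.20", 25, 10 * i, 10 * i + 10) for i in range(6)]
    # eight overlapping connections to 587: submission, not watched
    + [("198.51.100.30", 587, t, t + 60) for t in range(8)]
    # four overlapping connections to port 25: just under the threshold
    + [("198.51.100.40", 25, t, t + 60) for t in range(4)]
)


def peak_concurrent(flows, port=SMTP_PORT):
    """Return {src: peak number of simultaneously open connections to port}."""
    events = defaultdict(list)
    for src, dport, start, end in flows:
        if dport != port:
            continue
        events[src].append((start, 1))    # connection opens
        events[src].append((end, -1))     # connection closes
    peaks = {}
    for src, evs in events.items():
        # At equal timestamps, process closes (-1) before opens (+1) so that
        # back-to-back connections are not counted as overlapping.
        evs.sort()
        open_now = peak = 0
        for _, delta in evs:
            open_now += delta
            peak = max(peak, open_now)
        peaks[src] = peak
    return peaks


def flag_sources(flows, threshold=THRESHOLD, port=SMTP_PORT):
    """Sources whose peak concurrent connections to port reach the threshold."""
    peaks = peak_concurrent(flows, port)
    return sorted(src for src, peak in peaks.items() if peak >= threshold)


if __name__ == "__main__":
    print(peak_concurrent(SAMPLE_FLOWS))
    print(flag_sources(SAMPLE_FLOWS))
```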

