Port25 blocking

A number of hosting providers are blocking outgoing port25. This has implications for a lot of smaller senders who either want to run their own mail server or who use SMTP to send mail to their ESP.

What is port25

Port25 is the designated email sending channel. Much like websites are on port80 (or 8080) and DNS is on port53, email is sent over port25. Mostly.

Why block Port25

Port25 blocking is a way for hosting providers to control and monitor the mail their customers send. They can block any outgoing connections on port25. Typically the hosting company provides a mail relay for all customers to use.
The big benefit of port25 blocking is preventing infected machines from having access to big pipes to send malicious mail. While we mostly talk about botnets infecting Windows machines, there are a large number of compromised Linux machines, too. The hosting company can run outbound filters on the server they control and force all their customers to send through that server.

Challenges with Port25 blocking

Senders who are hosted at a company that blocks port25 can have problems sending bulk mail. Some senders use port25 to send mail from their internal servers to their ESP. If they’re behind a port25 block, this won’t work. There are, however, still ways to get email to the ESP.

What can you do if you’re port25 blocked?

First is contacting your provider and asking them to open port25 for your systems. We had to do this recently when spinning up IPv6. By default our provider blocks port25 on IPv6. There were some hoops to jump through, but they took Steve only an hour or two to accomplish.
Second is contacting your ESP and seeing if they accept mail in ways other than port25. Some ESPs are supporting port587 for mail, others have APIs that don’t use SMTP for email submission.
Third is using a cloud service to generate your mail. I know a number of companies who use AWS systems to create messages that are then sent out through their ESP.
Overall, port25 blocking is a good thing. It is a security improvement. Yes, it does inconvenience some people, but usability is starting to take a back seat to security these days.
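
To check whether outbound port25 really is blocked from your host, and whether your ESP is reachable on port587 instead, the following Python is an added example (not from the original post). It probes both ports and separates a silently dropped connection from a refused one or a working SMTP greeting. The host `smtp.example.com` and the function names are placeholders chosen for this example.

```python
import socket
import sys

def probe_smtp(host, port, timeout=5.0):
    """Connect to host:port and classify the result.

    Returns (state, detail): 'open' (SMTP 220 greeting seen), 'no-greeting',
    'filtered' (connect timed out), 'refused' (TCP reset) or 'error'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # connected, but nothing was sent in time
            # An SMTP server opens the session with a 220 reply line.
            return ("open" if banner.startswith("220") else "no-greeting", banner)
    except socket.timeout:
        return ("filtered", "")  # packets silently dropped somewhere on the path
    except ConnectionRefusedError:
        return ("refused", "")   # something actively rejected the connection
    except OSError as exc:
        return ("error", str(exc))  # DNS failure, unreachable network, reset, ...

def choose_port(host, ports=(25, 587), timeout=5.0, probe=probe_smtp):
    """Probe each port in order; return (first usable port or None, all states)."""
    states = {port: probe(host, port, timeout)[0] for port in ports}
    usable = next((p for p in ports if states[p] == "open"), None)
    return usable, states

if __name__ == "__main__":
    # smtp.example.com is a placeholder; pass your ESP's submission host instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "smtp.example.com"
    port, states = choose_port(target)
    for p, state in states.items():
        print(f"{target}:{p} -> {state}")
    print(f"use port {port}" if port else "no SMTP port reachable from this host")
```

A `filtered` result on 25 together with `open` on 587 is consistent with the situation described above: the hosting provider drops port25, while the ESP accepts mail on port587.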
