ietf-smtp
[Top] [All Lists]

RE: port number for smtp over ssl

2003-01-16 12:42:37


From: ned(_dot_)freed(_at_)mrochek(_dot_)com 
[mailto:ned(_dot_)freed(_at_)mrochek(_dot_)com]
Sent: Thursday, January 16, 2003 8:20 AM

At a minimum, there needs to be some dialogue between the ops
community and the email community to resolve this.

How should we proceed?

The email community has already specified a solution to this
problem. All you have to do is use it. I'm really not sure
what else needs to be said.

The problem is that until the *ops* community changes its approach, the
poor end user is stuck.  As Dave points out, most ISPs now seem to block
port 25 (except to their own servers), presumably as an "anti-spam"
measure.  In reality, I think, they don't actually care about spam, but
want to make sure that one of their assigned IP addresses doesn't appear
in spam and thus end up in a RBL.

RBL lists aren't the problem so much as DULs.

If you're only using a provider as
dial-up Internet access you don't have a mail account with the provider
and thus can't use their SMTP server; if they block port 25 you can't
use any other server.  You're stuck.

Yes. Regardless of why port 25 is blocked, it does get blocked. This is one of
the reasons why SMTP submission as an SMTP extension on port 25 didn't happen.

Registering SMTPS again would only provide short-term relief (providers
would soon block it as well) at the cost of creating standards
confusion.

Exactly right. SMTPS really is a solution to a very different problem, one
that cannot be leveraged as a solution to the problem you describe except in,
as you say, the short term.

The SMTP submission port faces the same problem - the moment
spammers start using it, the providers will block it.

I don't think this follows. Port 25 offers access to email everywhere, so
spammers willing to send their stuff directly can use to reach whoever they
please. SMTP submit, OTOH, only offers access to the system where you have  an
account.

I suppose it is possible for a spammer to set up an account with provider A and
use an account on provider B to access provider A through SMTP submit, but this
really is a much more complex proposition than what is often the case, and
what, I think, operations folks are attempting to prevent when they block port
25.

I think the
problem really comes from brain-dead maintenance and use of RBLs - no
ISP wants one of their assigned IPs appearing as the originating address
of spam, so they'll always block any mail submission mechanism that
isn't to one of their own servers.

I agree, modulo the sort of list you're talking about.

How we fix this is a really good question...

IMO the only way to fix it is to get the message out. We have the solutions;
they just need to be used. RIght now the problem is less one of providers
blocking SMTP submit than it is of providers not offering submission
services at all.

                                Ned

<Prev in Thread] Current Thread [Next in Thread>