North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why do so few mail providers support Port 587?

  • From: Daniel Golding
  • Date: Tue Feb 15 21:51:30 2005

On 2/15/05 9:36 PM, "Thor Lancelot Simon" <tls@NetBSD.org> wrote:

> 
> On Wed, Feb 16, 2005 at 02:23:04AM +0000, Adrian Chadd wrote:
>> 
>> Quite useful when it works (read: the other party has implemented
>> AUTH-SMTP on port 587).
> 
> And if they's implemented unauthenticated SMTP on port 587, like,
> say, Sendmail, you've achieved nothing, or possibly worse, since you
> have encouraged people to simply run open relays on a different port
> than 25.  How long do you think it's going to take for spammers to
> take advantage of this?  (That's a rhetorical question: I already see
> spam engines trying to open port 587 connections in traces).
> 
> Slavishly changing ports isn't the solution.  Actually using authentication
> is the solution.  It is silly -- to say the least -- to confuse the benefits
> of the two.
> 
> Thor

Thor,

I don't think anyone is confusing the benefits. Sean's suggestion was quite
clear. Run SMTP-Auth on port 587 and leave port 25 for email from other mail
servers. There are lots of benefits to this approach.

For one thing, it eliminates a lot of the "reasons" for provider email
smarthosting, which needs to go away due to massive abuse. Sender email
authentication will make smarthosting obsolete and users will need a
different way of sending outgoing mail that isn't spam to their own mail
servers for legitimate relay. ISPs filter port 25 outbound, but leave 587
open with the idea that users would have to authenticate against distant
mail servers on that port. Everything works well.

587 running SMTP auth (and relaying for authenticated users) and port 25 for
local (non relay) delivery without authentication should be the default on
all servers. 

-- 
Daniel Golding
Network and Telecommunications Strategies
Burton Group