Home page logo

nanog logo nanog mailing list archives

Re: Why do so few mail providers support Port 587?
From: Chris Horry <zerbey () wibble co uk>
Date: Tue, 01 Mar 2005 15:23:33 -0500

Hash: SHA1

Nils Ketelsen wrote:
On Mon, Feb 28, 2005 at 05:13:35PM -0500, Valdis.Kletnieks () vt edu wrote:

On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:

An interesting theory. What is the substantial difference? For
me the security implications of "allowing the user to bypass our
mailsystem on port 25" and ""allowing the user to bypass our mailsystem on
port 587" are not as obvious as they maybe are to you.

The big difference is that if they connect on outbound 25, they're basically
unauthenticated at the other end.  Port 587 "should be" authenticated, which
means that the machine making the connection out is presumably a legitimate
user of the destination mail server.

Okay, the main difference seems to be:

1. People here trust, that mailservers on port 587 will have
better configurations than mailservers on port 25 have today. I
do not share this positive attitude.

I truly hope this isn't the case, I don't trust any mail server that I
didn't personally configure.

2. Port 587 Mailservers only make sense, when other Providers block
port 25. My point is: If my ISP blocks any outgoing port, he is no longer
an ISP I will buy service from. Therefore I do not need a 587-Mailserver,
as I do not use any ISP with Port 25-Blocking for connecting my sites or

Yes, right up until a) ISPs wise up and start blocking port 587, and
then 465 for good measure.  or b) malware authors wise up.  B will
happen sooner.


- --
Chris Horry KG4TSM   "You're original, with your own path
zerbey () wibble co uk   You're original, got your own way"
PGP: DSA/2B4C654E        -- Leftfield
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]