Re: [DEPLOY] General Issue w/ISPs blocking Port 25

[Yakov Shafranovich <research@xxxxxxxxxxxxxxx>]

See:

http://www.ietf.org/internet-drafts/draft-hutzler-spamops-01.txt

Matthias Leisi wrote:
> Since a few days, I check for SPF records at the MTA, and I noticed one 
> particular issue. I'm not sure whether the drafts (-submit) are the 
> right place to mention this issue, or whether some BCP would be 
> appropriate.
>
> I've encountered a number of ISPs where users are unable to do outbound 
> connections with dst port 25, but are limited to the ISPs Smarthost. 
> Although I haven't seen it yet, but I suspect that Port 587 as per RFC 
> 2476 (Message Submission) may be blocked as well if it's use is adopted 
> more widely.
>
> Obviously, that is pretty efficient to stop certain categories of junk 
> (-sources), and is generally not an issue, if the Smarthost allows 
> arbitrary 821/822 From's.
>
> However, with strict SPF (or SenderId) checking, this /does/ become an 
> issue, since a domain owner will most likely not add some random 
> Smarthost to the list of designated mailers.
>
> -submitter mentions the use of SUBMIT briefly, but maybe the 
> implications of the (how common?) blocking of dst port 25 should be 
> mentioned.
>
> -- Matthias
>
> PS: The naming of SUBMITTER vs. SUBMIT protocol is somewhat confusing.