RE: [DEPLOY] General Issue w/ISPs blocking Port 25

["Scott Kitterman" <scott@xxxxxxxxxxxxx>]

> -----Original Message-----
> From: owner-ietf-mxcomp@xxxxxxxxxxxx
> [mailto:owner-ietf-mxcomp@xxxxxxxxxxxx]On Behalf Of Matthias Leisi
> Sent: Monday, September 06, 2004 3:30 PM
> To: IETF MARID WG
> Subject: [DEPLOY] General Issue w/ISPs blocking Port 25
>
> Since a few days, I check for SPF records at the MTA, and I noticed one
> particular issue. I'm not sure whether the drafts (-submit) are the
> right place to mention this issue, or whether some BCP would be
> appropriate.
>
> I've encountered a number of ISPs where users are unable to do outbound
> connections with dst port 25, but are limited to the ISPs Smarthost.
> Although I haven't seen it yet, but I suspect that Port 587 as per RFC
> 2476 (Message Submission) may be blocked as well if it's use is adopted
> more widely.
>
> Obviously, that is pretty efficient to stop certain categories of junk
> (-sources), and is generally not an issue, if the Smarthost allows
> arbitrary 821/822 From's.
>
> However, with strict SPF (or SenderId) checking, this /does/ become an
> issue, since a domain owner will most likely not add some random
> Smarthost to the list of designated mailers.
>
> -submitter mentions the use of SUBMIT briefly, but maybe the
> implications of the (how common?) blocking of dst port 25 should be
> mentioned.
>
Is use of SUBMITTER were clarified as I suggested here:

http://www.imc.org/ietf-mxcomp/mail-archive/msg04034.html

Then transparent redirection would no longer be an issue, because the PRA
should be in the domain of the smarthost.  If the smarthost uses a SUBMITTER
from it's domain and an appropriate RFC 2822 header so it validates, the
domain owner you mention doesn't have to worry about this.

Scott Kitterman