North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why do so few mail providers support Port 587?

  • From: Jim Popovitch
  • Date: Sat Feb 26 17:59:20 2005

> (as you say, blocking port 587 makes no sense).

Let me get this straight... it makes no sense to block a port that will
allow unlimited relaying of all sorts of malware by only verifying an
easily purchased or stolen username and password? 

If someone uses a big-ISP network to forward business impacting malware
thorough your small-biz email server, using questionably gained 587
credentials, who is going to get sued?  Is it safe enough for the
big-ISP to say "we just route whatever our customer de'jour sends"?   

I am against port blocking as much as the next guy, I just see port 587
as a disaster waiting to happen.  ISP provided email credentials are
universally transmitted in plain text.  If an (insert any ISP here)
employee can be arrested for selling email addresses to spammers, what
keeps them from collecting and selling 587 credentials?

I understand that ISPs are trying to find a roaming solution for your
customers.  I just want you to find one that is *better* than simple
port-587-auth-before-open-relay.  For starters I would recommend that
587 access NOT be enabled by default for all users.  Let it be by
special request, and even then with some "teeth" involved.

-Jim P.