Re: Why do so few mail providers support Port 587?

[Nils Ketelsen <nils.ketelsen () kuehne-nagel com>]

On Mon, Feb 28, 2005 at 05:13:35PM -0500, Valdis.Kletnieks () vt edu wrote:

> On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:
> > An interesting theory. What is the substantial difference? For
> > me the security implications of "allowing the user to bypass our
> > mailsystem on port 25" and ""allowing the user to bypass our mailsystem on
> > port 587" are not as obvious as they maybe are to you.
>
> The big difference is that if they connect on outbound 25, they're basically
> unauthenticated at the other end.  Port 587 "should be" authenticated, which
> means that the machine making the connection out is presumably a legitimate
> user of the destination mail server.

Okay, the main difference seems to be:

1. People here trust, that mailservers on port 587 will have
better configurations than mailservers on port 25 have today. I
do not share this positive attitude.

2. Port 587 Mailservers only make sense, when other Providers block
port 25. My point is: If my ISP blocks any outgoing port, he is no longer
an ISP I will buy service from. Therefore I do not need a 587-Mailserver,
as I do not use any ISP with Port 25-Blocking for connecting my sites or
users.

 
> If you're managing a corporate network, then yes, the distinction isn't
> that obvious, as you're restricting your own users.  If you're running an
> ISP, you're being paid to *connect* people to other places, and making it
> more difficult than necessary is.. well... a Randy Bush quote. ;)

I agree. Just as I said: If the ISP blocks (and I do not care which port
he blocks), then it's time to go and look for another ISP. If I buy
Internet I do not want a provider that decides for me which parts of it I
am allowed to use today and which I am not.

"Wehret den Anfaengen" is the german saying, I currently cannot find a
good translation for.

Nils