Agile Tortoise
Greg Pierce’s blog
Port 25 filters vs. SPF
There are likely to be some confrontations in the works between the major ISPs and Sender Policy Framework advocates in the near future. Blocking port 25 (SMTP) to servers outside the control of the ISP is becoming quite common. It’s also common at certain semi-public networks like hotels, which require you to change your mail settings and use their server.
SBC has just implemented Port 25 filtering on their DSL. Bell South already has had it in place. Earthlink has done it forever. I recently had occasion to speak with one of the major regional network admins for Charter Communications, and he said they were considering it on their cable and fiber broadband as well. He said it was a purely practical decision to avoid having their networks used for spamming. Not just by live spammers, but by viruses and worms with their own SMTP engines. They have the numbers to prove that it’s a necessary move, apparently, to conserve network resources.
SPF, however, can’t adequately account for this trend. The whole point of SPF is to relieve spoofing concerns and increase the traceability of mail by keeping it flowing through only the servers approved for use by the email’s domain name. Yes, I can include my home DSL provider in my SPF record, but that’s still very limiting…and I can’t practically include the ISPs of everyone at work on our corporate SPF record.
I’m not sure what the best way to resolve this contradiction of approaches is, but it’s going to become an issue if SPF is going to get any traction. Right now, I provide listeners on alternate ports on my mail servers to work around port 25 filters, but I feel like that’s a hack. I don’t think it’s a good idea to push the traffic to other ports.
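The conflict described above, as an added example that is not part of the original post: a simplified SPF check (only the ip4, include and all mechanisms) showing how mail forced through an ISP or hotel relay fails unless that relay is listed in the sender's record. The domains, addresses and the DNS_TXT table are constructed for illustration.

```python
import ipaddress

# Constructed TXT records using documentation address ranges; not real DNS data.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 -all",                           # own servers only
    "example.org": "v=spf1 ip4:192.0.2.0/28 include:homeisp.example -all",  # plus one home ISP
    "homeisp.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, depth=0):
    """Evaluate a subset of SPF (ip4, include, all) for one connecting IP."""
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the referenced record returns "pass"
            matched = check_spf(term[8:], sender_ip, depth + 1) == "pass"
        else:
            continue  # mechanisms outside this subset are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def demo():
    """SPF result per (domain, relay) for the relays a port 25 filter forces on users."""
    relays = {
        "own server": "192.0.2.5",
        "home ISP relay": "198.51.100.40",
        "hotel relay": "203.0.113.25",
    }
    return {(d, name): check_spf(d, ip)
            for d in ("example.com", "example.org")
            for name, ip in relays.items()}

if __name__ == "__main__":
    for (domain, relay), result in demo().items():
        print(f"{domain:12} via {relay:15} -> {result}")
```

Listing the home ISP fixes only that one relay; every other filtered network a user sends from still produces a fail.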