
somebodeez
MVM
join:2001-09-24
here

somebodeez

MVM

[northeast] Important Changes to Your Email Service -

A friend passed this email along to me. I haven't received it myself.
Has anyone else gotten this?
From: "Verizon Online"
Date: Thu, 27 Aug 2009 13:07:41 -0500 (CDT)
To: Valued Verizon Customer
Subject: Important Changes to Your Email Service - Your Action May Be Required

Dear Verizon Online Customer,

Verizon Online will soon be making changes to our network to further strengthen the security of our customers’ email messages and our network and to help prevent spam.

We have blocked incoming email from Port 25, which is the default port used by email programs to connect to email servers and to send email, for some time now. We are now taking the additional step of blocking outgoing e-mail messages from Port 25 to help ensure that our network is not used by spammers. Depending on whether you use a web-based email service or an email program such as Microsoft Outlook®, you may need to make changes to your computer settings to ensure that your ability to send email is not interrupted.

If you use a web-based Email service (either Verizon.net or a third party email service, such as Gmail, Hotmail, Yahoo, AOL, etc.):

If you use a web-based email service to send your email, you do not need to do anything as our implementation of Port 25 blocking for outgoing email messages will not affect your ability to send or receive web-based email.

If you use a third party Email service such as Gmail, Hotmail, Yahoo, AOL and an Email program such as Microsoft Outlook:

If you use an email service other than Verizon.net (such as Gmail, Hotmail, Yahoo, AOL, etc.) to send email through a program like Microsoft Outlook, you will need to make the following modification to your computer settings so that your ability to send email will not be affected:

Change the port number in the “Advanced” section of your email program from Port 25 to Port 587. Detailed instructions on how to change the port settings on your computer can be found at www.verizon.net/port25.

If you’re using an email provider other than Verizon.net (such as Gmail, Hotmail, Yahoo, AOL, etc.) to send email through your email program and you are unable to send email after making the change to Port 587, please contact your email provider for additional information on their recommended port settings.

The above changes are necessary in order to allow you to continue to send email through your email program after September 15, 2009.

Thank you for being a valued Verizon customer.

Sincerely,

Verizon Online

matcarl
Premium Member
join:2007-03-09
Franklin Square, NY

matcarl

Premium Member

I haven't seen it yet, but I'm glad they are doing something about this ever increasing spam!!

nycdave
MVM
join:1999-11-16
Melville, NY

nycdave to somebodeez

MVM

to somebodeez
Yes, that is a legitimate Verizon email - outbound port 25 blocking is taking place, and it will be gradually rolled out everywhere....

somebodeez
MVM
join:2001-09-24
here

1 edit

somebodeez

MVM

Many thanks
So since I use Hotmail and GMail through OE, I'll need to change ports for those 2 services but not for my Verizon account, yes?
(I know my Hotmail account will need to be changed soon anyway)

Rattler
join:2001-04-13
Havertown, PA

Rattler

Member

You might as well do it for your Verizon account(s) as well. If you use a laptop and access V's SMTP servers from another provider (e.g. Cox, Comcast, OOL), when you are on the road, port 25 access to V's SMTP servers would be blocked from those sources.

While you are doing it for the others, it would be easy to make the change for your V* account(s) as well. I did it a while back when they first announced the incoming port 25 block.

ajc18
aka IGnatius T Foobar
join:2000-05-06
Mount Kisco, NY

ajc18 to somebodeez

Member

to somebodeez
Unfortunately this is standard practice among consumer ISP's nowadays. Don't blame the ISP's -- blame Microsoft for creating an operating system with the security level of a piece of swiss cheese.

DoubleTap
'Let's Go Brandon'
Premium Member
join:2000-10-18
Jerseyastan

DoubleTap to somebodeez

Premium Member

to somebodeez
Thanks for the info, I just edited my Outlook.

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr to somebodeez

MVM

to somebodeez
What's special about 587 that keeps the spammers from just changing the port number in their malware?

As good a place as any to explain why this is a good idea.

jmn1207
Premium Member
join:2000-07-19
Sterling, VA

1 edit

jmn1207

Premium Member

said by birdfeedr:

What's special about 587 that keeps the spammers from just changing the port number in their malware?

As good a place as any to explain why this is a good idea.
It's explained in this article.

»voices.washingtonpost.co ··· loc.html
Many ISPs have migrated customers away from Port 25 to sending and receiving e-mail on port 587, which - unlike Port 25 - requires the sender to authenticate him or herself with a username and password before it will permit the sending or relaying of e-mail.

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr

MVM

Answering my own question:
quote:
Port 587 is for users to send out emails on. Port 25 is for servers to relay messages to one another. That way ISPs can block outgoing SMTP on their networks but still allow users to send email to any mail server through port 587.
from »www.mostlygeek.com/tech/ ··· ort-587/

somebodeez
MVM
join:2001-09-24
here

somebodeez to birdfeedr

MVM

to birdfeedr
said by birdfeedr:

What's special about 587 that keeps the spammers from just changing the port number in their malware?

As good a place as any to explain why this is a good idea.
I was wondering that myself.
Thanks

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr to jmn1207

MVM

to jmn1207
said by jmn1207:

It's explained in this article.

»voices.washingtonpost.co ··· loc.html

In a comment appended to that article, someone says
quote:
Anyone that has ever operated a mail server and read any of the RFCs can quickly tell you that there is no difference in using port 587 and port 25 if the same measures that RFC 4409 (the RFC speaking to port 587) are implemented on port 25 (including smpt-auth). Authentication, verification, filtering, and rejection are not exclusive to port 587 as this article would like you to believe. Most ISP's and webhosting companies do this very thing on port 25 for specific mail servers. Try reading RFC 4409 (the RFC that speaks to port 589). All it does is create a scenario where an SMTP server is to be run on port 589 instead of 25 for no other reason than to behave like what most servers in a responsible environment are already doing. Yes, they are acting like submission servers... so what? If that is their purpose, they're doing what they are supposed to - regardless of what port they are running on.
Except for the typo about 589 instead of 587, it seems he's saying it's no big deal.

Is it? Are there additional measures VZ is taking to help clean up the outgoing spam problem? It does seem a port change only is only a short-term contribution.

jmn1207
Premium Member
join:2000-07-19
Sterling, VA

jmn1207

Premium Member

I don't know much about this stuff, or anything really.

I was curious and found some great info that explains more about port 587 and how its use helps to prevent spam, or at least some methods of spam delivery.

»wiki.ctyme.com/index.php ··· pam_Bots

ajc18
aka IGnatius T Foobar
join:2000-05-06
Mount Kisco, NY

ajc18 to birdfeedr

Member

to birdfeedr
In many email systems, port 587 will *only* accept mail from users who perform a successful SMTP-AUTH. Please refer to section 3.3 "Authorized Submission" of RFC2476 [»www.ietf.org/rfc/rfc2476.txt] which describes the difference between an MTA (Mail Transport Agent, port 25) and an MSA (Mail Submission Agent, port 587).

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to ajc18

MVM

to ajc18
said by ajc18:

Unfortunately this is standard practice among consumer ISP's nowadays. Don't blame the ISP's -- blame Microsoft for creating an operating system with the security level of a piece of swiss cheese.
In fact, this problem is unrelated to Microsoft operating systems, and would exist if only Linux and Unix were on the Internet. It is related to the fundamentally insecure SMTP protocol being used for both mail transport (which was the intended purpose of SMTP) and message submission (which should require more robust security than was originally available).

altermatt
Premium Member
join:2004-01-22
White Plains, NY

1 edit

altermatt to somebodeez

Premium Member

to somebodeez
Please help clarify what sounds like a devastating problem for me: I send emails from my own domains through port 25 while connected by FIOS, through Eudora (and sometimes Outlook)...does this mean that I will no longer be able to send any emails from any FROM addy other than a verizon addy? What about the many thousands of home-based freelancers, etc. who send from home, but must have their domain name rather than verizon as the from addy? (I'm not talking about full-blown full-time businesses which might have a business FIOS account, which I assume doesn't block the use of port 25.)

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to birdfeedr

MVM

to birdfeedr
You can secure the message submission servers by requiring secure authentication, but you can't secure the domain gateway (MX) mail servers in that fashion. Unfettered access to outbound port 25 means that any Verizon customer can connect to my gateway mail server, and send any email they like into my domain (though they can't relay through it). I can't require SMTP AUTH of 'QMTA12.emeryville.ca.mail.comcast.net', or 'col0-omc4-s5.col0.hotmail.com', or 'n7.bullet.mail.ac4.yahoo.com'; rather, nobody can expect those servers to maintain a thousand different logins for a thousand different gateway mail servers. So my server is open to abuse from 'pool-138-88-213-109.res.east.verizon.net'; unless Verizon lists it with the DNSBLs, and I use the DNSBL which has it listed. Easier, all around, to just block it within the Verizon network, as the other ISPs are doing.
NormanS

NormanS to altermatt

MVM

to altermatt
said by altermatt:

Please help clarify what sounds like a devastating problem for me: I send emails from my own domains through port 25 while connected by FIOS, through Eudora (and sometimes Outlook)...does this mean that I will no longer be able to send any emails from any FROM addy other than a verizon addy?

No. It means that you won't be able to successfully connect to 'pbimail1.prodigy.net' to send email from any email address, even 'verizon.net', to any 'pacbell.net' email address.

said by altermatt:

What about the many thousands of home-based freelancers, etc. who send from home, but must have their domain name rather than verizon as the from addy?

I do that from my AT&T residential DSL connection. I just don't try to connect directly with 'relay.verizon.net' to send email to any 'verizon.net' user. Instead, I relay through 'smtp.pacbell.net'.

seaquake
MVM
join:2001-03-23
Millersville, MD

seaquake to somebodeez

MVM

to somebodeez
Went ahead and made the changes. Wish they'd concentrate on fixing their IMG instead of this, though

Anorexorcist
Premium Member
join:2005-08-21
Stamford, CT

Anorexorcist to ajc18

Premium Member

to ajc18
said by ajc :
blame Microsoft for creating an operating system with the security level of a piece of swiss cheese.
Wow, I guess some people really are stuck in 1998...on rooted *nix boxes and all.

In any event, this is ultimately a positive move by Verizon.

nixen
Rockin' the Boxen
Premium Member
join:2002-10-04
Alexandria, VA

nixen to birdfeedr

Premium Member

to birdfeedr
said by birdfeedr:
said by jmn1207:

It's explained in this article.

»voices.washingtonpost.co ··· loc.html

In a comment appended to that article, someone says
quote:
Anyone that has ever operated a mail server and read any of the RFCs can quickly tell you that there is no difference in using port 587 and port 25 if the same measures that RFC 4409 (the RFC speaking to port 587) are implemented on port 25 (including smpt-auth). Authentication, verification, filtering, and rejection are not exclusive to port 587 as this article would like you to believe. Most ISP's and webhosting companies do this very thing on port 25 for specific mail servers. Try reading RFC 4409 (the RFC that speaks to port 589). All it does is create a scenario where an SMTP server is to be run on port 589 instead of 25 for no other reason than to behave like what most servers in a responsible environment are already doing. Yes, they are acting like submission servers... so what? If that is their purpose, they're doing what they are supposed to - regardless of what port they are running on.
Except for the typo about 589 instead of 587, it seems he's saying it's no big deal.

Is it? Are there additional measures VZ is taking to help clean up the outgoing spam problem? It does seem a port change only is only a short-term contribution.
Even if Internet standards specifications for port 25 didn't pretty much negate setting it up to *require* authentication, scalability would. At this point, port 25 is basically designed as a destination-transport specification.

Port 587, on the other hand, was standardized *specifically* for email client relaying purposes. It was intended to support authenticated traffic. Because it operates independent of destination services, one can set up an SMTP server to *require* authentication. Requiring authentication means that you're maintaining a list of valid users and associated authentication credentials for those users.

Requiring authentication on port 25 (rather than making it optional) would pretty much break Internet-wide SMTP. In order for one site to send email to another, each site would have to have authentication credentials for the other. Now, think about how many domains and SMTP servers there are out there, each potentially trying to email the other. Say you're a new domain: you'd have to contact each and every SMTP destination you wanted to send email to and work out authentication schemes between (your potentially incompatible) mail authentication systems.

Mechanics aside, just think how big a given SMTP destination's authentication database would have to be. It was this kind of problem that caused the early internet's published hosts tables methodology to be replaced by DNS for name resolution. It's also part of why you'll VERY rarely see UUCP (or similar technologies) in place any more. SMTP is a much more scalable solution versus UUCP (etc.).
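
An added example, not part of any post in this thread: a small Python check of the distinction discussed above, where a submission server (port 587) refuses MAIL until the client authenticates while a gateway (MX, port 25) accepts a sender without a login. The transcripts, host names, reply texts and the `audit`/`classify` helpers are constructed for illustration; the third transcript shows a submission port that advertises AUTH but does not require it.

```python
import re

# Constructed SMTP sessions (not captured traffic). C: = client, S: = server.
MSA_587 = """\
S: 220 mail.example.net ESMTP
C: EHLO laptop.example.org
S: 250-mail.example.net
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<me@example.org>
S: 530 5.7.0 Authentication required
C: AUTH PLAIN (credentials omitted)
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<me@example.org>
S: 250 2.1.0 Ok
"""
MX_25 = """\
S: 220 mx.example.net ESMTP
C: EHLO pool-host.example.com
S: 250-mx.example.net
S: 250 SIZE 20480000
C: MAIL FROM:<anyone@example.com>
S: 250 2.1.0 Ok
"""
# Same as MSA_587 up to the first MAIL, but the server answers 250 instead of 530.
LAX_587 = MSA_587.split("S: 530")[0] + "S: 250 2.1.0 Ok\n"

def audit(transcript):
    """Summarise what one session shows about the server's sending policy."""
    ehlo_replies, authed, last_cmd, unauth_mail = [], False, "", False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = (text.split() or [""])[0].upper()
            continue
        m = re.match(r"(\d{3})[ -](.*)", text)
        if not m:
            continue
        code, rest = m.groups()
        if last_cmd == "EHLO" and code == "250":
            ehlo_replies.append(rest)
        elif last_cmd == "AUTH" and code == "235":
            authed = True
        elif last_cmd == "MAIL" and code[0] == "2" and not authed:
            unauth_mail = True  # server took a sender without any login
    # The first EHLO reply line is the server's greeting; the rest are extensions.
    ext = {r.split()[0].upper() for r in ehlo_replies[1:] if r.split()}
    return {"auth_offered": "AUTH" in ext, "starttls": "STARTTLS" in ext,
            "unauth_mail_accepted": unauth_mail}

def classify(transcript):
    """Label the server by whether it demanded AUTH before accepting MAIL."""
    f = audit(transcript)
    if not f["unauth_mail_accepted"]:
        return "msa-like" if f["auth_offered"] else "unknown"
    return "auth-optional" if f["auth_offered"] else "mx-like"
```

The "auth-optional" result is the case the quoted article comment is about: the port number alone changes nothing unless the server behind it enforces authentication.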

altermatt
Premium Member
join:2004-01-22
White Plains, NY

altermatt to NormanS

Premium Member

to NormanS
said by NormanS:

It means that you won't be able to successfully connect to 'pbimail1.prodigy.net' to send email from any email address, even 'verizon.net', to any 'pacbell.net' email address.
I'm totally lost with your references to Prodigy---I'm on Verizon FIOS, not Prodigy, as per this forum name. I have no need to send anything through Prodigy.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

1 edit

NormanS

MVM

said by altermatt:

I'm totally lost with your references to Prodigy---I'm on Verizon FIOS, not Prodigy, as per this forum name. I have no need to send anything through Prodigy.
Excuse me for being dense, but you stated, earlier:
quote:
Please help clarify what sounds like a devastating problem for me: I send emails from my own domains through port 25 ...

So you have no correspondents in the 'pacbell.net' domains? If not, nor in any of the other legacy SBC domains; i.e., you don't write to people who were SBC users (but are now AT&T users), then what I said matters not. However, if you send email through your server to 'joe.blow@pacbell.net', you most definitely will go through 'pbimailx.prodigy.net', as that family of gateway mail servers (where 'x' is from '1' to '9') handles inbound email for 'pacbell.net' users. Just 'dig' on 'pacbell.net' to find their MX servers.

Oh, wait; I had assumed that by "I send emails from my own domains through port 25" you meant you were running your own mail server. If not, please explain your actions a little better. You see, you don't need to use port 25, if you are using a proper, and properly configured message submission server. That is what port 587 was intended for!

Mail goes from client to message submission server to mail transfer server to gateway mail server to mailbox. You don't need port 25; only your email provider needs port 25.

altermatt
Premium Member
join:2004-01-22
White Plains, NY

altermatt

Premium Member

No, I am not running my own mail server; sorry if I wasn't clear. I have a number of domains hosted with a regular webhost (NOT an ISP), and send mail regularly (using Eudora, but that shouldn't matter) from me@mycompany.com (not the actual addy of course). It works perfectly now, when connected through FIOS, but from what I'm gathering, this won't work soon.

The webhost says you can use port 26, but I'm not sure that will make a difference.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by altermatt:

The webhost says you can use port 26, but I'm not sure that will make a difference.
It definitely will make a difference. The purpose of port 25 was always, "Mail Transfer", the moving of email between email service providers. Since December, 1998, there has always been a provision for "Message Submission", the uploading of email by end users to their email service providers' servers. Nobody ever paid attention to the difference until the spam problem nearly buried the gateway mail servers. That is changing; and Verizon is among the last of the large U.S. ISPs to follow suit.

If your webhosting provider already has port 26 set up, now is the time to change your clients. Test and verify that their service is working on port 26. Once you have done that, it won't bother you when Verizon finally throws the switch.

altermatt
Premium Member
join:2004-01-22
White Plains, NY

altermatt

Premium Member

said by NormanS:

Test and verify that their service is working on port 26. Once you have done that, it won't bother you when Verizon finally throws the switch.
Wow, if that's true (that I can use 26 instead of 587), that would be great. Thank you. Port 26 works fine now, I just wasn't sure it would work after this change.

BTW, I never received any notification of this, and neither have a number of neighbors on FIOS. Seems silly of them to spring this on us; I wouldn't have known about it if I didn't read this forum.

GOS
@verizon.net

GOS to somebodeez

Anon

to somebodeez
Does this policy change mean that, if I have my own domain and am running my own mail server at home on verizon fios, I won't be able to receive emails on port 25? What changes do I need to make on my mail server so that I can receive email again?

somebodeez
MVM
join:2001-09-24
here

somebodeez to altermatt

MVM

to altermatt
said by altermatt:

BTW, I never received any notification of this, and neither have a number of neighbors on FIOS. Seems silly of them to spring this on us; I wouldn't have known about it if I didn't read this forum.
I haven't either.
Maybe it's an area by area thing.

syrgeek
join:2009-06-04
Syracuse, NY

1 edit

syrgeek to altermatt

Member

to altermatt
NM.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to GOS

MVM

to GOS
said by GOS :

Does this policy change mean that, if I have my own domain and am running my own mail server at home on verizon fios, I won't be able to receive emails on port 25? What changes do I need to make on my mail server so that I can receive email again?
Dynamic DNS Network Services, LLC, offers a service called, "Mailhop Relay". Alas, they want $49.95 a year for the service. Perhaps an Internet search, using the term, "mailhop relay" will turn up a free solution. Otherwise, you will have to pay for a solution.