As part of our commitment to providing high-quality internet service while safeguarding our customers and network, Rapidnet Broadband blocks port 25 for outbound SMTP (Simple Mail Transfer Protocol) traffic. While this port remains open for inbound traffic, we restrict outbound access to ensure the integrity of our IP reputation and to prevent the misuse of our network for malicious activities such as spam distribution.
Why We Block Outbound Port 25
Port 25 is the default port used for unauthenticated SMTP communications between mail servers. While this port is essential for mail servers to communicate with one another, its open status can make it a prime target for spammers, compromised devices, and other malicious actors. Here are the key reasons for our policy:
-
Preventing Spam: One of the primary reasons for blocking outbound port 25 is to mitigate spam. When left unregulated, malware-infected machines or unauthorized users can exploit this port to send large volumes of unsolicited emails (spam). This can lead to our IP ranges being blacklisted, severely damaging our ability to provide reliable service to customers.
-
Maintaining IP Reputation: Major email providers such as Gmail, Yahoo, and Outlook use sophisticated spam detection systems that rely heavily on the reputation of the sending IP addresses. If any of our IP addresses were flagged for sending spam, it would negatively affect our entire customer base. Blocking outbound port 25 ensures that our network is not hijacked for malicious emailing, preserving the clean reputation of our IP ranges.
-
Industry Best Practice: Blocking outbound port 25 is widely recognized as an industry-standard practice, especially for ISPs. Many major ISPs, including Comcast, Verizon, and AT&T, have similar policies to prevent spam and preserve the integrity of their networks. By only allowing authenticated SMTP submissions via ports like 465 (SMTPS) or 587 (Submission), ISPs can maintain tighter control over email traffic while ensuring legitimate email services are still accessible.
-
Security: Outbound port 25 is a common attack vector for bots, malware, and other malicious software. Blocking it helps secure customer devices from being used in botnet activities that could tarnish their reputation and harm network performance.
Allowing Alternative Secure Ports
While we block outbound traffic on port 25, Rapidnet allows email submissions through alternative, more secure ports:
- Port 465 (SMTPS): For secure, encrypted SMTP connections using SSL.
- Port 587 (Submission): For submitting email with authentication, ensuring that only verified users can send emails from our network.
These ports require proper authentication, ensuring that all email traffic originating from our network is secure, verifiable, and less prone to abuse.
RFCs and Related Standards
Several key RFCs (Request for Comments) guide best practices for email delivery and the responsible management of SMTP traffic:
- RFC 5321: Defines the SMTP protocol, including the standard usage of port 25 for server-to-server communications.
- RFC 5068: Provides guidelines for controlling email abuse, strongly recommending that ISPs filter outbound SMTP traffic to reduce spam.
- RFC 4409: Specifies the use of port 587 for mail submission, requiring authentication to ensure that only legitimate users are allowed to send email from a network.
By adhering to these standards, Rapidnet aligns with industry best practices for secure email delivery and network protection.
Blocking outbound port 25 is a vital step in protecting our network, customers, and overall IP reputation. It prevents malicious actors from misusing our infrastructure for spam and helps us maintain a high standard of service. For legitimate email traffic, we provide secure and authenticated alternatives that comply with modern best practices, keeping our network safe while ensuring our customers can reliably communicate via email.
If you have a specific case or need to for outbound TCP/25 traffic please contact support@rapidnet.co.za
