Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verizon.net Finally Moving Email To Port 587

Posted by kdawson on from the decade-late-and-a-megabuck-short dept.

The Washington Post's Security Fix blog is reporting that Verizon, long identified as the largest ISP source of spam, is moving to require use of the submission port, 587, in outbound mail — and thus to require authentication. While spammers may still be able to relay spam through zombies in Verizon's network, if the victims let their mail clients remember their authentication credentials, at least the zombies will be easily identifiable. Verizon pledges to clean up their zombie problem quickly. We'll see.

25 of 195 comments (clear)

  1. Finally, Verizon, Finally!! by Smidge207 · · Score: 5, Interesting

    I found out I was a spammer when I investigated a message returned to me. I ended up talking with someone from SORBS. After emailing SORBS a couple of times, I received this message from Michelle Sullivan: "SORBS lists IP addresses that send spam. Often there is real email mixed with the spam, sometimes deliberately, sometimes accidentally. In this case you are using an IP address to send your email that has previously, and is still, sending spam. The IP address is blocked. I'd contact your provider and complain bitterly about it, because it's the provider that is listed, not you specifically."

    I send out a newsletter with about 250 subscribers. After talking with SORBS, I contacted Verizon and found out that, even though we signed up for Verizon Business, they limit the amount of email I can send a week to 500 messages. I rarely approach 200 messages and the newsletter is a monthly. Verizon told me I couldnâ(TM)t even send the newsletter in one blast; I had to limit it to 100 subscribers an hour! And in late Fall 2008, some providers, like MS, would reject my mail simply because it had @Verizon.net in the senderâ(TM)s address. I knew I wasn't sending out large amounts of email, let alone spam.

    Within those imposed limits, Verizon still could not bring its huge entity to investigate my complaint. In late December, we switch to Constant Contact to email the newsletter. While my boss uses Cox since he works mostly from home, the office is still âoeconnectedâ with Verizon!

    Boy, I hate Verizon! Now, maybe they will kill the Zombies from all those dead zones they claim not to have!

    =smidge=

    --
    Is it just my observation, or is eldavojohn an idiot?
    1. Re:Finally, Verizon, Finally!! by Jurily · · Score: 4, Funny

      I send out a newsletter with about 250 subscribers per zombie.

    2. Re:Finally, Verizon, Finally!! by nabsltd · · Score: 4, Informative

      I send out a newsletter with about 250 subscribers. After talking with SORBS, I contacted Verizon and found out that, even though we signed up for Verizon Business, they limit the amount of email I can send a week to 500 messages.

      Verizon Business accounts assume that you will probably be running a business, and have your own domain.

      If you do things this more professional way, there are no limits with Verizon DSL or FiOS (other than the speed you pay for being a "limit").

    3. Re:Finally, Verizon, Finally!! by GoodNicksAreTaken · · Score: 4, Informative

      IANAL, Yet.
      Guess what, "The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email"
      Parent did not specify that it was commercial email and "newsletter" indicates that it likely is not. Even if they were of a commercial nature they would likely be exempted under the CAN-SPAM act as they would qualify as "relationship" messages.

  2. What's this "finally" shit? by the+unbeliever · · Score: 4, Informative

    You can set up port 25 SMTP to require authentication for relay purposes, without having to configure end user's machines for another port.

    1. Re:What's this "finally" shit? by erroneus · · Score: 4, Interesting

      This implies that they are blocking all outbound port 25 requests. All ISPs in Japan that I am aware of have been doing this for a long time. The problem is that if you have a 3rd party email service provider, you can no longer send email through them because port 25 will be blocked and if the other party offers the alternative port as well, it is still often blocked.

      Still, for MOST people, this is a good plan. I just think that users should be informed of this change, informed why it is a good idea for MOST people and to give them an option to "opt out" of the restriction in some way if the restriction is not compatible with their current needs.

    2. Re:What's this "finally" shit? by mibus · · Score: 4, Interesting

      My home ISP (oblig. disclaimer: I now work for them too) has blocked port 25 outbound by default on 'Home' ADSL connections for a while now.

      It's all configurable from the online webtools, so you can turn it back on if you want it.

      And there's even an in-depth FAQ about it on the site.

      IMHO it's a great idea, and I wish more ISPs did it.

    3. Re:What's this "finally" shit? by Buelldozer · · Score: 4, Funny

      So, you spent "many days bitching at my IT guys at work" and in the end the problem was with your Internet Service at home?! You posted this on Slashdot?

      Ummm, yeah, we're going to need your address. I've already handed out the torches and pitchforks.

    4. Re:What's this "finally" shit? by The+Great+Pretender · · Score: 3, Funny

      I live at 1835 73rd Ave NE, Medina, WA 98039

      --
      A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
    5. Re:What's this "finally" shit? by DarkOx · · Score: 3, Interesting

      I have never really understood why this is an issue. I do think ISPs should be upfront about it before you sign up and if they change what ports they block and how they police their network you should be allowed out of the contract. I don't think its fair for them to write terms that say we can limit what you do in any way we like.

      That aside I would like to ask my fellow slashdots running their own mail servers, (I do speakeasy actaully allows this under their tos) why its a problem for you to use your ISP as a smart host?

      Personaly I like it. Unlike at work I don't have to worry about keeping the mail server off the black lists, contacting post masters at other domains to get mistakes corrected etc etc. The ISP does msot of that for me. Now speakeasy will relay for my domain, but I think most ISPs will probably trust whatever is coming from their own network to their relay, I hope they pass it through some outbound filter.

      On the inbound side, the MX record points directly at my ip address so I get to handle the mail coming in a filter/black list etc according to my own needs. TLS works too if things need ot stay private.

      I suppose the only arugment I can think of is even if you are using TLS your ISP can still read your outboand mail, and if I was using version or comcast I might be more concerned about that....

      What are other peoples reasons?

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  3. Verizon spam zombies by benjfowler · · Score: 5, Funny

    I feel a great disturbance in the Force, as if millions of voices cried out in terror and were suddenly silenced...

    1. Re:Verizon spam zombies by SpiffyMarc · · Score: 4, Funny

      They're spam zombies. It's a million voices groaning out URrGgGHghHHhh followed by a couple late chants of "brains."

  4. Re:first by Anonymous Coward · · Score: 3, Funny

    No, the guy posting before you did that ;-)

  5. Comcast by TheNinjaroach · · Score: 5, Funny

    Well your spam made it through, but the response must have been throttled since you didn't get first post. You're a Comcast customer, aren't you?

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  6. Re:Do zombies even use ISP mail servers? by stevey · · Score: 5, Insightful

    Indeed.

    But if you're the ISP you can just say "Hey customers outgoing port 25 is blocked - use authentication and port 587 to send mail".

    In general I'm against ISP blocking services, but in the case of spam prevention its a good choice to make.

    (The ideal would be to allow outgoing, but cut people off if they spam. That would punish only the guilty, but I guess they're not so keen on that).

  7. great, only 7 years late by Indy1 · · Score: 5, Informative

    Verizon has been an epic sewer network for years, and has ignored their spam problem for years. If they want to clean up now (or make a lame attempt to clean up, as most telco's do), fine. It just means less work for iptables at my end.

    For those who are sick of Verizon's bullshit, here's my list (no promises this is complete, but it should have most of em) of Verizon's ip blocks.

      206.46.0.0/16
      66.12.0.0/14
      207.68.0.0/17
      71.96.0.0/11
      72.64.0.0/11
      72.42.0.0/18
      71.160.0.0/15
      71.162.0.0/16
      96.224.0.0/11
      98.108.0.0/14
      98.112.0.0/13
      68.160.0.0/14
      162.84.0.0/16
      162.83.0.0/16
      151.204.0.0/15
      138.88.0.0/21
      66.171.0.0/16
      66.14.128.0/17
      151.201.0.0/16
      138.89.0.0/16
      141.149.0.0/16
      141.150.0.0/15
      141.152.0.0/14
      141.156.0.0/15
      141.158.0.0/16
      68.160.192.0/18
      68.161.192.0/18
      66.14.0.0/17
      151.196.0.0/14
      151.200.0.0/14
      151.204.0.0/15
      129.44.0.0/16
      138.88.0.0/16
      64.222.0.0/15
      68.236.0.0/14
      70.104.0.0/13
      70.16.0.0/13
      71.96.0.0/11
      209.158.0.0/16
      209.159.0.0/19
      71.160.0.0/11
      173.64.0.0/12
      70.192.0.0/11
      66.174.0.0/16
      75.224.0.0/12
      75.240.0.0/13
      75.192.0.0/10
      97.0.0.0/10

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  8. Re:Do zombies even use ISP mail servers? by Chabo · · Score: 4, Insightful

    In general I'm against monitoring people secretly and continuously; but in the case of cities where children are legally or physically possibly present, it's a good choice to make to stop pedophiles.

    ... what?

    --
    Convert FLACs to a portable format with FlacSquisher
  9. Re:Do zombies even use ISP mail servers? by erroneus · · Score: 3, Interesting

    Yes and it is only a matter of time before that changes and evolves.

    The reason these alternative ports and blocking works is because most everyone else isn't doing this. When it comes to the point where most people are doing this, new methods will arise.

    The first scenario that comes to mind is that the next generation of bot-ware will listen to your outgoing email traffic and learn your password then configure itself to send email based on that information. Then once again, the problem returns. And if *I* can conceive of this, then I *know* spammers have already thought of this. (I am comfortable in the assumption that I have never come up with an original idea.) You can expect this to occur within the next year or so. The drive to these measures are largely based on the size of the target audience after all. (This is the reason Mac OS X is mostly immune to attacks and infection... it isn't yet a big enough target!)

    Things will get crazier before they get better.

  10. Remembering credentials?! by coljac · · Score: 4, Insightful

    I like the suggestion that people are somehow lax in security because their mail client remembers their password. Who are these guys who type the password in every 3 minutes when they check their mail?

    --
    Everyone knows that damage is done to the soul by bad motion pictures. -Pope Pius XI
  11. Re:Do zombies even use ISP mail servers? by robot_love · · Score: 4, Insightful

    He's saying that a losing a little bit of liberty to gain some safety isn't worth it. He did this by cleverly rewording the original poster's statement about email to make it about pedophiles to highlight the fact it's essentially the same issue, simply in a different context.

    --
    .there is enough of everything for everyone.
  12. Yo Dawg, by BrentH · · Score: 3, Funny

    I herd you like emails in your emails, so I put some traffic thru yo traffic.

  13. Completely pointless? by MikeBabcock · · Score: 3, Insightful

    In my opinion, the transition to port 587 is nearly pointless. I already use authentication on port 25 to identify customers.

    And according to one of the only people I'd trust on SMTP issues, "the SUBMIT specification has several fundamental flaws that make compliance practically impossible. I advise against all use of port 587" -- djb.

    --
    - Michael T. Babcock (Yes, I blog)
  14. Re:What ever happened to SSL and port 465? by jeaton · · Score: 4, Informative

    Port 587 was allocated by IANA and is documented by the IETF in RFC 2476, and the STARTTLS capability is documented in RFC 2487. It is not clear from the article whether Verizon is going to require STARTTLS or not. They may require STARTTLS for all mail on port 587 if they so choose.

    I assume that the "full-on SSL" that you would prefer refers to the non-standard port 465 ("SMTPs"). That port was chosen arbitrarily by Microsoft, has not been standardized by any common standards body, and was previously already allocated to "URL Rendesvous Directory for SSM".

    Why perpetuate non-standards when there are established standards which have the same functionality?

  15. hehe by pavon · · Score: 3, Informative

    I just reread your link. In it DJB explicitly advises against running authentication on port 25. In fact, for security reasons, he wrote two separate programs, qmail-smptd and ofmipd, to keep the tasks of relaying authenticated email and accepting mail for local delivery as removed from one another as possible.

    He defends the idea of separating these two tasks, not only to separate ports but separate programs, on this thread on the IETF-SUBMIT mailing list.

    So, yeah, his complaint against port 587 was simply that if you can't implement the SUBMIT standard correctly (which according to him noone can), you should use a different port then the one specified in that standard. The rest of the world doesn't care, because it sees all the various authentication methods (including SUBMIT) as extensions to SMTP, and not as a different protocol (OFMIP as DJB calls them collectively), and have no qualms running a standard (non-SUBMIT compliant) SMTP server on port 587.

  16. Re:PORT 587 THE GATE TO HELL by lgw · · Score: 3, Interesting

    Port 666 is reserved for Doom (video game)

    Wow, I thought AC was joking, but it's right there in RFC1700!

    doom 666/tcp doom Id Software
    doom 666/tcp doom Id Software

    --
    Socialism: a lie told by totalitarians and believed by fools.