Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verizon.net Finally Moving Email To Port 587

Posted by kdawson on from the decade-late-and-a-megabuck-short dept.

The Washington Post's Security Fix blog is reporting that Verizon, long identified as the largest ISP source of spam, is moving to require use of the submission port, 587, in outbound mail — and thus to require authentication. While spammers may still be able to relay spam through zombies in Verizon's network, if the victims let their mail clients remember their authentication credentials, at least the zombies will be easily identifiable. Verizon pledges to clean up their zombie problem quickly. We'll see.

17 of 195 comments (clear)

  1. Finally, Verizon, Finally!! by Smidge207 · · Score: 5, Interesting

    I found out I was a spammer when I investigated a message returned to me. I ended up talking with someone from SORBS. After emailing SORBS a couple of times, I received this message from Michelle Sullivan: "SORBS lists IP addresses that send spam. Often there is real email mixed with the spam, sometimes deliberately, sometimes accidentally. In this case you are using an IP address to send your email that has previously, and is still, sending spam. The IP address is blocked. I'd contact your provider and complain bitterly about it, because it's the provider that is listed, not you specifically."

    I send out a newsletter with about 250 subscribers. After talking with SORBS, I contacted Verizon and found out that, even though we signed up for Verizon Business, they limit the amount of email I can send a week to 500 messages. I rarely approach 200 messages and the newsletter is a monthly. Verizon told me I couldnâ(TM)t even send the newsletter in one blast; I had to limit it to 100 subscribers an hour! And in late Fall 2008, some providers, like MS, would reject my mail simply because it had @Verizon.net in the senderâ(TM)s address. I knew I wasn't sending out large amounts of email, let alone spam.

    Within those imposed limits, Verizon still could not bring its huge entity to investigate my complaint. In late December, we switch to Constant Contact to email the newsletter. While my boss uses Cox since he works mostly from home, the office is still âoeconnectedâ with Verizon!

    Boy, I hate Verizon! Now, maybe they will kill the Zombies from all those dead zones they claim not to have!

    =smidge=

    --
    Is it just my observation, or is eldavojohn an idiot?
    1. Re:Finally, Verizon, Finally!! by Jurily · · Score: 4, Funny

      I send out a newsletter with about 250 subscribers per zombie.

    2. Re:Finally, Verizon, Finally!! by nabsltd · · Score: 4, Informative

      I send out a newsletter with about 250 subscribers. After talking with SORBS, I contacted Verizon and found out that, even though we signed up for Verizon Business, they limit the amount of email I can send a week to 500 messages.

      Verizon Business accounts assume that you will probably be running a business, and have your own domain.

      If you do things this more professional way, there are no limits with Verizon DSL or FiOS (other than the speed you pay for being a "limit").

    3. Re:Finally, Verizon, Finally!! by GoodNicksAreTaken · · Score: 4, Informative

      IANAL, Yet.
      Guess what, "The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email"
      Parent did not specify that it was commercial email and "newsletter" indicates that it likely is not. Even if they were of a commercial nature they would likely be exempted under the CAN-SPAM act as they would qualify as "relationship" messages.

  2. What's this "finally" shit? by the+unbeliever · · Score: 4, Informative

    You can set up port 25 SMTP to require authentication for relay purposes, without having to configure end user's machines for another port.

    1. Re:What's this "finally" shit? by erroneus · · Score: 4, Interesting

      This implies that they are blocking all outbound port 25 requests. All ISPs in Japan that I am aware of have been doing this for a long time. The problem is that if you have a 3rd party email service provider, you can no longer send email through them because port 25 will be blocked and if the other party offers the alternative port as well, it is still often blocked.

      Still, for MOST people, this is a good plan. I just think that users should be informed of this change, informed why it is a good idea for MOST people and to give them an option to "opt out" of the restriction in some way if the restriction is not compatible with their current needs.

    2. Re:What's this "finally" shit? by mibus · · Score: 4, Interesting

      My home ISP (oblig. disclaimer: I now work for them too) has blocked port 25 outbound by default on 'Home' ADSL connections for a while now.

      It's all configurable from the online webtools, so you can turn it back on if you want it.

      And there's even an in-depth FAQ about it on the site.

      IMHO it's a great idea, and I wish more ISPs did it.

    3. Re:What's this "finally" shit? by Buelldozer · · Score: 4, Funny

      So, you spent "many days bitching at my IT guys at work" and in the end the problem was with your Internet Service at home?! You posted this on Slashdot?

      Ummm, yeah, we're going to need your address. I've already handed out the torches and pitchforks.

  3. Verizon spam zombies by benjfowler · · Score: 5, Funny

    I feel a great disturbance in the Force, as if millions of voices cried out in terror and were suddenly silenced...

    1. Re:Verizon spam zombies by SpiffyMarc · · Score: 4, Funny

      They're spam zombies. It's a million voices groaning out URrGgGHghHHhh followed by a couple late chants of "brains."

  4. Comcast by TheNinjaroach · · Score: 5, Funny

    Well your spam made it through, but the response must have been throttled since you didn't get first post. You're a Comcast customer, aren't you?

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  5. Re:Do zombies even use ISP mail servers? by stevey · · Score: 5, Insightful

    Indeed.

    But if you're the ISP you can just say "Hey customers outgoing port 25 is blocked - use authentication and port 587 to send mail".

    In general I'm against ISP blocking services, but in the case of spam prevention its a good choice to make.

    (The ideal would be to allow outgoing, but cut people off if they spam. That would punish only the guilty, but I guess they're not so keen on that).

  6. great, only 7 years late by Indy1 · · Score: 5, Informative

    Verizon has been an epic sewer network for years, and has ignored their spam problem for years. If they want to clean up now (or make a lame attempt to clean up, as most telco's do), fine. It just means less work for iptables at my end.

    For those who are sick of Verizon's bullshit, here's my list (no promises this is complete, but it should have most of em) of Verizon's ip blocks.

      206.46.0.0/16
      66.12.0.0/14
      207.68.0.0/17
      71.96.0.0/11
      72.64.0.0/11
      72.42.0.0/18
      71.160.0.0/15
      71.162.0.0/16
      96.224.0.0/11
      98.108.0.0/14
      98.112.0.0/13
      68.160.0.0/14
      162.84.0.0/16
      162.83.0.0/16
      151.204.0.0/15
      138.88.0.0/21
      66.171.0.0/16
      66.14.128.0/17
      151.201.0.0/16
      138.89.0.0/16
      141.149.0.0/16
      141.150.0.0/15
      141.152.0.0/14
      141.156.0.0/15
      141.158.0.0/16
      68.160.192.0/18
      68.161.192.0/18
      66.14.0.0/17
      151.196.0.0/14
      151.200.0.0/14
      151.204.0.0/15
      129.44.0.0/16
      138.88.0.0/16
      64.222.0.0/15
      68.236.0.0/14
      70.104.0.0/13
      70.16.0.0/13
      71.96.0.0/11
      209.158.0.0/16
      209.159.0.0/19
      71.160.0.0/11
      173.64.0.0/12
      70.192.0.0/11
      66.174.0.0/16
      75.224.0.0/12
      75.240.0.0/13
      75.192.0.0/10
      97.0.0.0/10

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  7. Re:Do zombies even use ISP mail servers? by Chabo · · Score: 4, Insightful

    In general I'm against monitoring people secretly and continuously; but in the case of cities where children are legally or physically possibly present, it's a good choice to make to stop pedophiles.

    ... what?

    --
    Convert FLACs to a portable format with FlacSquisher
  8. Remembering credentials?! by coljac · · Score: 4, Insightful

    I like the suggestion that people are somehow lax in security because their mail client remembers their password. Who are these guys who type the password in every 3 minutes when they check their mail?

    --
    Everyone knows that damage is done to the soul by bad motion pictures. -Pope Pius XI
  9. Re:Do zombies even use ISP mail servers? by robot_love · · Score: 4, Insightful

    He's saying that a losing a little bit of liberty to gain some safety isn't worth it. He did this by cleverly rewording the original poster's statement about email to make it about pedophiles to highlight the fact it's essentially the same issue, simply in a different context.

    --
    .there is enough of everything for everyone.
  10. Re:What ever happened to SSL and port 465? by jeaton · · Score: 4, Informative

    Port 587 was allocated by IANA and is documented by the IETF in RFC 2476, and the STARTTLS capability is documented in RFC 2487. It is not clear from the article whether Verizon is going to require STARTTLS or not. They may require STARTTLS for all mail on port 587 if they so choose.

    I assume that the "full-on SSL" that you would prefer refers to the non-standard port 465 ("SMTPs"). That port was chosen arbitrarily by Microsoft, has not been standardized by any common standards body, and was previously already allocated to "URL Rendesvous Directory for SSM".

    Why perpetuate non-standards when there are established standards which have the same functionality?