ISPs Block SMTP Port 25 and General Email Security
Rewired
Member
This is a subject that I think is worthy of a Short Media discussion. I searched the board and as far as I can tell it hasn’t been discussed here before but if I’m wrong, please refer me to the thread.
1) OptOnline (my ISP) as well as other ISPs have blocked SMTP port 25. This prevents consumers from send outgoing mail through any server but [in the case of OptOnline] OptOnline’s own mail server. For example, I have to send my work email address out through mail.optonline.net instead of my work’s email server if I’m using my home internet connection.
From what I understand this is done so that OptOnline can monitor and prevent mass-emailing such as spam. How long has OptOnline been blocking outgoing email through port 25?
2) How is it that outgoing email needs no authentication? What I mean is, there is no way to be sure that an email that is addressed from “so and so” is actually from “so and so”. Mail posing from any email address can be sent for example through mail.optonline.net. Mail can be sent as jesus@jesus.com. There is no check to see that the mail being sent is actually from the owner of the particular account of the email address. I’m having some trouble getting my point across but I hope it’s understood. Ok, so I know email isn’t the most secure form of messaging, but this just seems to be just too big of a security risk.
-Mlike
1) OptOnline (my ISP) as well as other ISPs have blocked SMTP port 25. This prevents consumers from send outgoing mail through any server but [in the case of OptOnline] OptOnline’s own mail server. For example, I have to send my work email address out through mail.optonline.net instead of my work’s email server if I’m using my home internet connection.
From what I understand this is done so that OptOnline can monitor and prevent mass-emailing such as spam. How long has OptOnline been blocking outgoing email through port 25?
2) How is it that outgoing email needs no authentication? What I mean is, there is no way to be sure that an email that is addressed from “so and so” is actually from “so and so”. Mail posing from any email address can be sent for example through mail.optonline.net. Mail can be sent as jesus@jesus.com. There is no check to see that the mail being sent is actually from the owner of the particular account of the email address. I’m having some trouble getting my point across but I hope it’s understood. Ok, so I know email isn’t the most secure form of messaging, but this just seems to be just too big of a security risk.
-Mlike
0
Comments
For how email works, one paper is: "The Email System and the Resulting Spam Problem (How email works) [PDF]" at the FTC http://www.ftc.gov/bcp/workshops/e-authentication/
Microsoft owns a "caller ID" protocol that it offers as a solution:
www.microsoft.com/senderid
There are many, however, who are less than thrilled at the prospect of Microsoft owning another controlling technology: http://www.theregister.co.uk/2004/11/16/email_authentication_summit/
And caller ID is not a silver bullet: http://www.theregister.co.uk/2004/09/03/email_authentication_spam/