Forgot your password?
typodupeerror
The Internet

SMTP-Friendly ISPs? 70

Posted by Cliff
from the only-if-you're-not-a-spammer dept.
alanpage asks: "My ISP got out of the dial-up business and sold my account to Earthlink. They do not allow me to send e-mail (via port 25) on behalf of the web sites that I maintain. Are any of the major players in broadband or dial-up port 25 friendly?"
This discussion has been archived. No new comments can be posted.

SMTP-Friendly ISPs?

Comments Filter:
  • Port 25 Friendly? (Score:3, Informative)

    by bildstorm (129924) <{if.hhs} {ta} {yhcub.retep}> on Thursday January 17, 2002 @04:44AM (#2853274) Homepage Journal

    By reading your question, it sounds like you want to send out mail via your ISPs SMTP using an e-mail address for a webdomain not hosted by them. Any GOOD ISP will not let you do this.

    You may wonder why. Well, if I can do this, then I can forge e-mail addresses and send out any kind of mail I want. That's a good way to get blacklisted.

    Basically "port 25 friendly" is also known as "spam friendly".

    What I would recommend is seeing if those sites where those domains are hosted allow SMTP services with password authentication. Some place do, and then you can send out mail from any ISP using those mail server.

    My personal e-mail is not connected to my ISP. I have password authentication in place.

    • Re:Port 25 Friendly? (Score:2, Informative)

      by jcausey (253286)
      That's not what he's asking -- he wants to know about ISPs that don't block an outgoing port 25 connection. That is, the ability to connect to another server on the net via port 25 (SMTP default port). This is a common anti-spam system that the majors (Earthlink, MSN, and I think AOL) use.

      FYI for the poster, I think Speakeasy [speakeasy.net] doesn't block outgoing (or incoming) SMTP. They have DSL and dial-up. Personally, I use AOL Timewarner roadrunner, and they don't block it. But cable modems may not be available / desired.
    • By reading your question, it sounds like you want to send out mail via your ISPs SMTP using an e-mail address for a webdomain not hosted by them. Any GOOD ISP will not let you do this.


      Actually any good ISP SHOULD let us do this, provided you are connecting from an IP number owned by the ISP.
      If they didn't allow this, then we would be stuck with only using email addresses provided by ISP, which is not an option for say a student flat like ours, where we want to have our own email addresses, but don't want to restrict ourselves to webmail, or purchasing email addresses from the ISP.

      • Re:Port 25 Friendly? (Score:4, Informative)

        by kooshball (25032) on Thursday January 17, 2002 @10:11AM (#2853975)
        Earthlink, the poster's new ISP (as well as mine), allows this already. My home email system uses Earthlink's SMTP server as a mail gateway. Rather than contacting destination SMTP servers directly, it forwards everything through Earthlink. Since the connection is coming from an Earthlink IP address, the relay is allowed eventhough the address is from a different domain.
    • Yes, so instead of being able to forge any email address, you can only forge the username part of an address @earthlink.net -- yes, that's really going to stop spam. Nothing can really stop it, but that particular "solution" is terrible compared to authentication, probably in combination with allowing only authorized hosts.
      • If you send spam on an earthlink account, you must use the earthlink smtp server. They don't allow you to bypass their server. If you do use their server, then they can map that message to an IP address and through that to your account. So, blocking outgoing port 25 connections allows them to catch spammers using earthlink.
    • I use SpeakEasy. They are widely regarded as an excellent ISP. I recommend they highly.

      They don't host my web site. They don't mind if I use their SMTP server to send email "From:" my domain which they do not host.

      Thus, I disagree with your statement about any good ISP not allowing this, by presenting an example of a very good ISP that does :-)
  • duh... (Score:5, Insightful)

    by ameoba (173803) on Thursday January 17, 2002 @05:44AM (#2853349)
    Keep in mind that if you want to pay commodity prices for a service, you are going to get a service that has been sanitized and developed for the masses. What you're asking is essentially the same as "How can I get WinXP-home to work as a good server?".

    If you want to connect to outside SMTP servers, you'll either have to go with a smaller ISP that doesn't have paranoid, 'we're not going to be the front for spam' policies in place (and make a sacrfice, be it limited dialing area, higher prices, or whatever) or tunnel out to a server that will allow you to connect to foreign SMTP servers.
  • by Molina the Bofh (99621) on Thursday January 17, 2002 @06:54AM (#2853478) Homepage
    Considering you said "on behalf of the web sites that I maintain", I assume you have some degree of control on at least one site outside your ISP.

    Why don't you tunnel ? Then you can use whatever port you want.

    If you have SSH running on one of these servers - and who doesn't nowadays - you can easily tunnel. Just check your ssh client configurations. If you're running windows, a good client is SecureCRT [vandyke.com]. If you're running linux, and the other side is windows NT/2000/XP, use this PPtP client [mit.edu]

    And there's another advantage with tunnelling: You can compress. Unless you have a very fast connection, you'll visibly notice a speed improvement when compressing.
  • www.myrealbox.com will let you use their smtp port if you sign up for an account. And you can use it to send from a different account aswell.
    • This won't do you any good if your ISP is blocking port 25 traffic... A big load of nothing will hit myrealbox's smtp port.
  • t-online (Score:2, Interesting)

    by kzadot (249737)
    With my $50 per month, uncapped, flat rate TDSL line, port 25 is unfirewalled both directions. I can send directly to most places, but sometimes have trouble as the dynamic IPs given to dialup users, are on spam lists. The solution:
    They provide 2 outgoing smtp servers, the first one, rewrites any From: header with your official t-online email address.
    The second one, which one has to register for, relays and preserves the From: address.
    Both these servers only accept connections from ip numbers they own.
    This is ideal, as it is flexible, and prevents against spammers. The only thing is the fact I now rely on the t-online server, which hasn't been a problem so far.
  • This is one of AT&T's business offerings. My company uses it for all our mobile users, and we prefer them to use our mailserver for POP and SMTP.

    Nifty enough (under windows) it comes with a not-dumbed-down dialer program that includes (and updates itself) with all of their access numbers. All of them, from Argentina to Venezuela. Including ISDN numbers.

    Amusingly enough, we went to them from Earthlink.

  • DirectTV DSL (Score:3, Informative)

    by topside420 (530370) <`topside' `at' `topside.org'> on Thursday January 17, 2002 @08:52AM (#2853660) Homepage
    Although not the best DSL provider, they have shapen up in the past few months -- completely revamping all their routers etc, so no its pretty darn reliable. Anyway, DirectTV DSL is giving me great speeds (1.5/256) with good reliability, a static IP, as well as all ports not being firewalled. Only downside is their recent caps of bandwith on USENET groups :(
    • i recently signed up with them and am only getting 768/128 on my line though they advertised 1.5/256 here. any idea how far you are from the CO?

      I was previously a speakeasy.net customer (highly recommended!) and will likely go back if directvdsl doesn't shape up by the time my one (albeit cheap) year with them is over.
      • not sure exactly how far away I am, but I know its not close, its on the outer edges, and I am getting a solid 1.5/256
      • DTV advertizes UP TO 1.5/256, but the speed is highly dependant on your ILEC; for example, if you're in Verizon or Ameritech areas, you're locked to 768/128 as this is the best that those ILECs themselves offer as DSL service. I think people in BellSouth areas report 1.5/256. And typically, the ILECs and DTV only sell the service if you're close enough to the CO in the first place as to get the max throughput they allot.
  • Charter.net seems decent about letting services run on their network, at least in my particular locale. I've got two low traffic web sites, a MUD and email for two domains. I even asked about it at tech support and they said that if I wasn't a problem they didn't care.

    I would think that charter.net would be the same in many/all areas, since when I have had to contact technical support they've always responded with a southern accent and I'm in the midwest.

    The only thing I dislike is that during the windows worm period they blocked port 80 traffic even though I wasn't effected. It was turned on after a while and from what I understand their current policy is to shut down bandwidth to anybody who does become infected, which I think is a good policy.

    • They emailed everyone a few months back talking about not running them.

      I got a personal email saying they'd cancel my service. They never did...now that Charter has taken the accounts from @ Home, they filter everything...grrrrr

      I gave the modem back the other day. Screw them. Slow service, filtered ports?!
      • Really I have not had any problem with this at all as a Charter Customer. And I belong to the LKML, so I get tons of Email to my mail server everyday.
  • Could that ISP be VERIO????
  • I'm in the Kansas City area. We get time warner cable with roadrunner internet. It works great, and they have so far let me do whatever I want. The one problem I have heard is that if you run a few too many port scans, they'll cap your speed. This happened to my friend and now he's inching along at 15 instead of 200.
  • Use ssh (Score:3, Informative)

    by Dr. Sp0ng (24354) <mspong AT gmail DOT com> on Thursday January 17, 2002 @10:49AM (#2854151) Homepage
    If you have a shell account on a box which is outside Earthlink's jurisdiction, you can do what I do:

    ssh -L2001:mail.server.to.use:25 my.shell.server

    Any connections to port 2001 on your local machine will then be forwarded (encrypted) to your shell server, and from there be forwarded to port 25 on the mail server.

    ssh makes a great tool for busting out of firewalls.
  • I have my home computer on a Road Runner connection to the internet. I use it to host my domains, and I have it configured to both accept and send email to the internet without any problems.

    I was going to post the original url [rr.com] for the acceptable use policy which was like a page long and it didn't say that we couldn't run mail servers on RR, but they seem to have moved it to here [twcable.com] which seems to be a much longer and more specific TOS. But on the bright side, it still doesn't really mention that you can't use your own server to send and receive email (hopefully I didn't overlook anything).
  • I work at a hosting company that offers authenticated SMTP service for it's customers. We hate spam a lot, so we decided ASMTP was the way to go.

    Our problem? Half of our customers can't USE the service - we spent 45 minutes on hold with Earthlink one night trying to figure out what was wrong with one of our customer's email settings. Turns out that it's not a bug, it's a feature. *smirk*

    So if any knows of any national providers that don't block SMTP, it would help *me* a lot. :)

    (Disclaimer: I understand WHY providers would block outgoing SMTP server connections. It's mostly justifiable. I just also think that they should notify their customers of this fact in a somewhat obvious fashion.. maybe in their online FAQs.)
    • it's amazing that I previewed this comment 3 times and missed this...

      s/any/anyone

      :)
    • I strongly disagree with the claim that blocking outgoing SMTP is mostly justifiable.

      Several counterpoints:

      1) I own my own domains, and mail sent to them is forwarded to my home system. Naturally I respond from the same system, which isn't a problem since all of my network information is set up for these domains, not my ISP connection. But if my ISP forces me to bounce mail through them, the mail will come from my ISP not my own company. This harms my credibility.

      2) Worse, many ISPs insert extra content in outbound mail. Again, that little spiel for my ISP harms my credibility.

      3) Finally and potentially most damaging, bouncing mail through the ISP means that they can easily monitor everything that goes through their system. Including sensitive business information. This information may get to my competitors.

      That last item is why I use encryption when possible, and my MTA uses TLS when possible. But end-to-end encryption is still rare, and TLS is worthless if a third party acts as a middleman.

      Is spamming from residential systems a problem? Of course... and I fully support ISPs that have a "death penalty" clause for spammers. They get complaints showing spam came from your IP address, and you get a phone call and a dead line until you discuss the situation with the ISP. First offense is "reinstall the OS, run virus checkers, etc." with account termination for repeat offenders.

      But ISPs can't claim that there is no legitimate argument against an anti-spam policy that requires everyone use their mail servers. This is especially true in the broadband market where many people are paying for connectivity, not "ISP" services, and any attempt to force them to convert will cause massive disruption. (E.g., I lost *no* mail during the transition from @home to AT&T because I always use my own domain name precisely to avoid such problems.)
      • by shamino0 (551710)
        Just some counters to your counterpoints:

        1) I also own my own domain. I have my local mail clients set to send out mail with my domain in the From: line. It goes out through Earthlink's server. The From: line is not rewritten. Yes, there is an Earthlink Received: header, but that really shouldn't be a big deal. I can't imagine how this would hurt your business's credibility.

        Of course, this may not be the same for all ISPs, but the original message was talking about Earthlink.

        2) While I have seen many free-mail systems insert ads in outgoing messages, mail from my Earthlink account has never been altered. But not all ISPs are the same here, of course.

        3) E-mail is never secure, no matter what server(s) you use. You are no more at risk using an ISP's server than using your own. Encryption of sensitive information is always a requirement, no matter what your network uses.

        IMO, you may be more at risk using your own, because it is an attractive target for your competitors (and others who may wish you harm.) It is less likely that someone will attempt to hack a major ISP in order to get access to one customer.

        Finally, there are plenty of broadband services that don't filter. But you may have to get a business line (which will cost more) if you require that level of service. For quite some time, my employer was paying for a business DSL line into my home - there was no filtering of any kind, but it cost about $150/mo for 256K SDSL. My current Earthlink line is much less expensive ($65/mo for 1.5M/128K ADSL and a static IP), but there are restrictions. That's the way things are - if you don't want any restrictions, you can get it, but it will cost more.

        (This, of course, doesn't even discuss the wisdom of direct port-25 access over a dial-up line, which IMO is completely unsuitable for business purposes, even if it isn't blocked by an ISP.)

      • The problem is that some of the users of the isp will spoil it for everyone else. If an ISP like earthlink does not take steps to prevent its users from sending out spam, then mail from earthlink's users will get rejected by some sites as potential spam.

        This happened to me when I used Mindspring. I would send mail and some remote sites would bounce it back because Mindspring got a bad reputation for allowing spam. Blocking outgoing port 25, while inconveniencing a small percentage of users, is one of the steps they took to make sure that their users could send mail.

    • I use Internet America, and they have no problem with me using their SMTP server so long as:

      1) it is directed to one of their addresses;

      OR

      2) it comes from one of their static IP addresses (mine -- dunno about their dialup accounts) and is addressed anywhere.

      Of course, I make sure my SMTP server does not relay.

      As far as I can tell, they have no trouble with SMTP traffic that they just route at the IP level -- they don't appear to firewall port 25 and force tou to send email via their SMTP servers. Theis is generally how I send mail.

      So, they will accept mail for their destinations, and will relay mail that comes from their static IPs.

      Yes, they know I am running an SMTP server, and ask only that I (a) do not spam (not relaying ensures that I do not permit others to do this); (b) send excessive traffic upstream. This strikes me as a reasonable policy. I am a satisfied customer.

  • I've read a lot of the comments on how people have no problems with doing this with a DSL service provider, and I'm one of those people as well. I've got all my DSL needs at home running through the dreaded PacBell systems (Enhanced service with a /3 subnet), and I run inbound AND outbound SMTP just fine (my home machine is the last possible SMTP relay for my company's mail systems). People can connect to my port 25, and I can connect to any port 25 I want. This seems to be common with high speed access, as I have multiple employees who have static IP-based DSL from different providers who use our office mail server as their MTA, or have dynamic IP based and run their own MTA at home and work through that.


    Perhaps they're quite worried about spam with dialups, since they're so easy to setup that even giving a spammer a few hours of window will cause major problems for them. But since we've also had people using major dialups (like PacBell) who don't have a problem using the company's dialup to send email with an @OurCompany.com email address, I can't imagine that this should be a really major issue.

  • Worldnet will remove the port 25 block from your account after 30 days if you request it. I've done this and it works great.
  • I reside in Chapel Hill North Carolina and maintain the servers for a small (though growing!) dot com business. We currently use Time Warner's Road Runner (nc.rr.com domain) for our office business connection and regularly use the SMTP gateway from Road Runner for various domains.
  • First, the question. Why are you running the mail servers off of a dialup account? That's... terrible.

    Second, the answer. Earthlink will gladly allow your sendmail to work, just set their mail server as your smarthost. It works like a charm, I use them as a backup net connection.

  • Adelphia (at least here in Massachusetts), doesn't restrict outgoing port 25 for customers using their PowerLink cable internet service.
  • by psychosis (2579)
    toad.net [toad.net] is a GREAT provider based in Severna Park, MD. They have nationwide coverage (if you can get DSL from any other company, you can get it from them too), and have no restrictions on port traffic. I run several sites with mail, web, SSL, SSH, etc, and have never had a problem.
  • ... just use earthlink's mailserver, that's what it's there for. And thank <Diety> that you didn't get stuck with AOL, since they force you to use an @aol.com email address.

    Seriously, this is a Good Thing(tm). I know NOC guys at Earthlink/Mindspring, they keep on top of their servers. (Although I've got better overall uptime on mine. Hah!) So there's really no need to use foreign SMTP servers.

    Aside from that, as a seperate ISP, I BLOCKED Earthlink dialups from directly contacting port 25 here long before they put the filter in place. It's neigh-impossible to police the 6 or 10 million accounts they have right now for spammers... much easier to put heuristics on the mail gateways watching for spam-levels of mail going from one dialup. Effective, too. They're not my #1 source of spam.

    Also, it's not just earthlink. A lot of their POPs are partnered with port-resellers. The major resellers automatically put a port-25 block on, and punch a hole back to the ISPs mailserver. There's nothing Earthlink can do about it. I have Qwest as a port-provider on our national dialup, and they do that for us as well.

    In summary, after 2000, any ISP that provides clear access to port-25 outside their network is no longer a techie-friendly ISP, they're spammer-friendly and techie-hostile.

    --Dan

    • Why are we still using remote smtp servers? We can communicate by VoIP, chat clients, etcetera with the advent of broadband it only gets better and better. Got spam, then run something that uses the RBL. I mean why do we even have remote pop servers? They were great in the bygone days of 160 meg harddrives and 14.4 modems but shouldn't we begin to expect secure encrypted communications? With things like carnivore in our midst I'm surprized with the lackluster response to a secure by defualt e-mail system, not just pgp and forget it because most people just forget it or don't know about it period.
  • Time Warner's Road Runner service in Austin, TX doesn't block port 25.
    • Time Warner RR service in Austin specifically disallows running servers.

      Hoewver, as I have to use my machine for development I had every conceivable type of server running at one point in time or another (IIS, Apache, etc).

      The only network scans I saw from RR involved scanning for open smtp relay -- since mine wasn't open they never complained about it. During the CodeRed 1 & 2 debacle I was even kind enough to compile a list of IP addresses on their network that were scanning me from infected IIS boxes. They kindly reminded me that their AUP prohibited me from running servers but I told them that I have one machine for development and it is part of my job and there was nothing I could do about it. I also told them that there was no publicly accessible links/content being served and that I stayed on top of all patches/vulnerabilities. They seemed satisfied with that response.
      • Actually, they don't specifically disallow servers. Or at least, they didn't last time I checked. They disallow open, anonymous access to servers, as you've noticed. Considering all the flack cable ISPs have been receiving on Slashdot, RR Austin actually has a pretty decent policy. As long as the server is password-protected and doesn't use up too much bandwith, they won't complain.

        Besides, my SMTP server is not really a server in their eyes. In fact, I'd call it an "SMTP client". Nothing connects to it from the outside. In fact, it runs on my local machine, which is behind a Linksys firewall/router.

        • The last time I read the AUP (a year ago) the wording was quite vague... vague enough that I figure if you became any sort of legal liability (ie: DMCA violations) or otherwise annoyed them (ie: taking up lots of the limited upstream bandwidth) they could cut you off claiming you violated the AUP by running a server...

          In any case... I miss RR... *sniff* I'm on attbi and have a massive 128kbit/s upstream rate... not even good enough to host a decent AVP2 game...
  • If you're logged in to an ISP's network, you can generally do whatever you want because they know who you are.

    If you're not on their network, you can't just use their SMTP because they don't know who you are.

    Those of you who are saying "I don't have any problem with this".... well duh. You're logged on to the network in question. The original poster evidently is not.

    FYI, Earthlink does NOT allow you to authenticate to their SMTP from outside their network.

    From the standpoint of clients who want to have domain-based email without being on the same network as their domain host, if they are using Outlook (I know, I know), which many are, they can use their own ISP's SMTP and put their domain email address in the replyto: field. Makes it look like it came from their domain. This has saved me a few migraines along the way. Thanks Microsoft! heh ;-)
  • I have the best dial-up isp availible and they don't block port 25. They are also dirt cheap. Talent Group [talentg.com]
    -- Devin
  • Earthlink's SMTP server allow you to send out messages with return address for all domains, not just @earthlink.net etc. Just set your mail software to use Earthlink's mailserver instead.
  • My genius ISP, optimum online, decided that blocking INCOMING connections to port 25 would stop spam. So now I have to point my MX to another machine that forwards to mine on another port to get around this, in the meantime they do nothing to stop someone from sending all the spam they want from their network. I can still send mail just fine from my domains (and any I wanted to spoof, if I was a spammer). Genius.
  • I have a small network (about 10 computers) behind a simple firewall box (Xsense's XRouter Pro) that does NAT. One of those computers is hosting FreeBSD, including Sendmail, running on an old P90 behind the firewall. From any of the other machines on the network, a mail client such as Eudora can be set up to use that SMTP server for outbound mail. Sendmail does what its name implies: it sends the mail out. Presumably on port 25, since I did not specify a custom port. A mail client can also be set up to use Comcast's SMTP server. That works perfectly well, but a mail client typically gets rid of the mail much faster when using the internal SMTP server. Is this what you mean? It works just fine.

Happiness is a positive cash flow.

Working...