Limit outbound port 25 to SMPT servers only
Networks should close outbound port 25 for end users, and limit port 25 access to SMTP servers only. This is transparent to end users, who are using port 587 or 465 for authentication.
No end user needs port 25 open for their mobile phone. Only SMTP servers need port 25 open. Routers and firewalls should be shipped with port 25 disabled.
Why should networks do that?
Port 25 is heavily abused and is the spammer's choice port of call.
In the 90s, spammers discovered that port 25 allows people to connect to a mail server and send mail through it, no matter where they were physically located, or whether or not they had any right to access that machine. This "open relay" feature of port 25 was cheerfully abused by criminals until network administrators had had enough, and made some changes.
Port 25 is only needed for use by SMTP servers. If it is left open and accessible, it WILL be abused: spamming is a very lucrative business, and all the more so if the spammers can use other people's infrastructure to send their spam, instead of paying for their own - free "postage"!
In 1998, port 587 was created. Using 587 allows an end user to supply a username and password to the mail server for authentication. If they pass authentication, they can send mail - there is no open relay. By 2005, the open relay issue was essentially solved, and the criminals moved on to other vectors for their spam.
A new version of open relays
Fast forward 20 years, and that new vector is mobile phones.
Despite the recommendations by industry leaders and despite the work that was done to close port 25 on mail servers, many of today's mobile networks have declined to limit port 25 on their IP pools.
On the mobile phone side, a proxy is embedded in (many) apps, the app is installed by an unknowing user, access to the proxy is sold by one or more residential proxy resellers, and the spam is once again flowing freely over open port 25. Of course, the costs of transporting and dealing with all the spam are absorbed by the recievers.
We strongly advise that networks limit port 25 and help clean up the spam.