Don't allow your network to pollute the internet
Is port 25 open on your network? You may be enabling a torrent of spam without knowing it. Restricting port 25 is a simple solution. It won’t stop you from sending authenticated emails, but it will significantly reduce the spread of spam and malware, while strengthening your network integrity. Explore our FAQs, best practices, and expert blogs to understand and address this escalating issue.
Port 25: A problem resurfaced
In 2005 the industry collectively breathed a sigh of relief because an agreement was reached that leaving port 25 open on a mail server was a bad thing, and open relays were no longer a large-scale problem. By closing port 25 to unauthorized users, the largest spam problem had been solved - with an easy solution. However, today that problem has resurfaced, and is bigger than ever.
Why is this happening?
Due to the shortage of IPv4 addresses, many networks are using Network Address Translation (NAT) to get the most out of their limited IPs resources. However, many networks have not configured their NATs to block outbound traffic on port 25 to end users.
The ever-increasing use of smartphones and other internet-connected devices allows cybercriminals to exploit weaknesses in them to run proxy software, spread malware, and send spam.
The result is that every infected device can send spam, and a wide-open port 25 on dynamic and Carrier-Grade NAT (CGNAT) IP pools means there is nothing to stop the spam. Consequently, a significant amount of abusive port 25 traffic comes from devices that have been infected with proxyware or malware, which are sending spam without the user’s consent or knowledge.
The solution is simple - it is the same as it was 25 years ago: networks must limit port 25 to SMTP server access only and deny access to all others.
Networks currently affected
The networks identified as having a problem with proxy malware abuse caused by leaving port 25 open are listed below:
- AT&T, https://www.att.com/
- Three Ireland (02ireland UK), https://www.three.ie/
- Bluehost, https://www.bluehost.com/
- Double Square Networks, https://www.dsnetworks.net/
- Norlys, https://www.eniig.dk
- Bouygues Telecom, https://www.bouyguestelecom.fr/
- Giganet, https://www.giganet.uk/
- HostZealot, https://www.hostzealot.com/
- IBT, https://www.ibt.uk.com/
- Leste Telecom, https://www.lestetelecom.com.br/
- LeVPN, https://www.le-vpn.com/
- SFR (Neuf.fr), https://www.sfr.fr/
- Sunrise, https://www.sunrise.ch/
- Telus, https://www.telus.ca
- ThreeUK, https://www.three.co.uk/
- Tele2, https://www.tele2.com/
- Virgin Media, https://www.virginmedia.com/
- Vodafone DE, https://www.vodafone.de/
- WOWnet, https://wownetworkslimited.net/
This is by no means a complete list; it is based on what our removals team sees, which is a limited view. If your network is not listed here, please do not assume there is no problem.
What action do you need to take now?
Check with your networking team, and make sure port 25 is closed to end users. It takes a minute to ask the question. It takes five minutes to restrict port 25. But the reduction in the amount of unwanted email will be huge, and you will be helping to strengthen trust and safety on the internet.
Thank you.
Further information
Network owners and operators, the role you play in addressing this issue is crucial.
You can find frequently asked questions, best practices, blogs and more here to understand why restricting port 25 outbound is essential for protecting against the spread of spam and malware, and maintaining network integrity for users.