New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Yes, and it will be there once we start enforcing this
People are, paying customers not so much. Loudest minority. Out of the few hundred email replies we received so far, most were politely asking us to keep port 25 open for them.
Some were angry and told us they will be canceling because they misunderstood it and thought it would be enforced with no exceptions. We clarified our stance and told them we can whitelist their accounts if needed, and everything was ok again.
1 customer canceled, and then later changed their mind about it and removed their cancellation request after requesting a whitelist.
Obviously it is the weekend and we will get some more angry emails and cancellations over the next week, but this is something we expected when we decided to do this.
@jar @hosthatch
I'd like to apologize for my behavior.
I wish both of you the best business
@hosthatch do you guys have any effort in cleansing your subnets currently? I’ve recently moved a mail server to one VM of yours and while it’s not visibly present in any RBLs it gets blocked like hell from every big provider I’ve tried to send to.
Same here. Was a bit worried when I saw the email but they had no problem whitelisting me. Very happy with HostHatch.
You people and your popcorn gifs are acting like this is the first time in recorded history this has been done by a provider.
Many providers block port 25. Where was all the venom when BuyVM put this policy in place long ago? Linode, DigitalOcean, Vultr...
It's just opening a ticket to get whitelisted. You all are acting like it's the first step on a slippery slope that leads to total enslavement.
But why? If it's easy for people to "just open a ticket and get whitelisted" it's the same for the abuser. Where is the point John Snow?
Most spammers aren't interested in jumping through hoops. That's why they attack cloud providers most heavily, especially ones with API and self service provisioning.
But if they have an API can't you automate that too? duh
Yep, was taking advantage of the opportunity to stress test my inbound mail server's filtering capabilities.
EDIT: Stress test over, turned off email notifications
Someone who's been a customer for a long time with no history of abuse is less likely to be a spammer compared to someone who's just signed up as a new customer. I imagine they look at the account history when determining whether to accept the request or ask for further details.
Yea but that will result in higher dispute/refund rate and more work for him, if he does that for new accounts.
We all know how well it works if you write something on the page.
I think there is a rule in iptables which could just log the email sent in a certain time and then block port 25 when a certain condition is met. Any network pro to throw some light on that, as it would be a big help for all providers.
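One way to express the idea in the post above, combined with the whitelist-on-request policy described earlier in the thread, as an added example that is not part of the original thread or any provider's actual configuration: a shell function that prints `iptables-restore` rules for a hypervisor forwarding guest traffic. iptables sees connections rather than messages, so the threshold counts new outbound TCP connections to port 25 per source IP; the chain names, the `smtp_blocked` ipset, the limits and the 203.0.113.x addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables-restore rules for outbound SMTP policy.
# Usage: smtp_egress_rules MAX_NEW_CONN_PER_MIN [WHITELISTED_IP ...]
# Assumes this set already exists (hypothetical name):
#   ipset create smtp_blocked hash:ip timeout 3600
smtp_egress_rules() {
    rate=$1
    case $rate in
        ''|*[!0-9]*) echo "rate must be a positive integer" >&2; return 1 ;;
    esac
    shift
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "bad IPv4 address: $ip" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter' \
        ':SMTP_OUT - [0:0]' ':SMTP_RATE - [0:0]' ':SMTP_OVER - [0:0]'
    # Only NEW connections to port 25 enter the policy chain.
    printf '%s\n' \
        '-A FORWARD -p tcp --dport 25 -m conntrack --ctstate NEW -j SMTP_OUT'
    # Sources that tripped the limit stay blocked until their set entry expires.
    printf '%s\n' \
        '-A SMTP_OUT -p tcp -m set --match-set smtp_blocked src -j REJECT --reject-with tcp-reset'
    # Whitelisted customers are allowed out, subject to the rate check.
    for ip in "$@"; do
        printf '%s\n' "-A SMTP_OUT -s $ip/32 -j SMTP_RATE"
    done
    # Default for everyone else: port 25 closed.
    printf '%s\n' '-A SMTP_OUT -p tcp -j REJECT --reject-with tcp-reset'
    # Per-source token bucket: connections above the rate go to SMTP_OVER.
    printf '%s\n' \
        "-A SMTP_RATE -m hashlimit --hashlimit-name smtp_out --hashlimit-mode srcip --hashlimit-above $rate/minute --hashlimit-burst $rate -j SMTP_OVER" \
        '-A SMTP_RATE -j ACCEPT'
    # Log (rate-limited), quarantine the source for an hour, refuse the connection.
    printf '%s\n' \
        '-A SMTP_OVER -m limit --limit 6/minute -j LOG --log-prefix "smtp-rate-exceeded: "' \
        '-A SMTP_OVER -j SET --add-set smtp_blocked src --timeout 3600' \
        '-A SMTP_OVER -p tcp -j REJECT --reject-with tcp-reset' \
        'COMMIT'
}

# Constructed sample: 30 new connections per minute, two whitelisted guests.
smtp_egress_rules 30 203.0.113.10 203.0.113.25
```

The output can be reviewed and then loaded with `iptables-restore --noflush`; the quarantine only limits how much mail leaves after the threshold is crossed, so the first burst still gets out.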
I'm guessing this is not a perfect solution but rather a practical one. If it reduces spammer signups by 80% (or even 20%) it's a win.
It's like changing your ssh port. Doesn't defeat the determined but filters the masses.
Another whoosh. It's not a ban. If you were banned, you're no longer a customer.
What? That's the existing solution and doesn't work because abuse occurs and is then prevented, but the damage is already done. Abuse needs to be curb stomped from the start.
Both major Canadian ISPs have been blocking port 25 outgoing for over a decade on residential broadband. When additional anti-spam legislation went into effect years ago around the world, I'd say is when it became industry practice for many places and services.
Seriously, what percentage of users are running mail servers today? I don't know, but I'm guessing sub 5%. This will probably help when someone doesn't configure root email properly and 30k emails get sent out they didn't know about.
It's not a standard of the good hosters. It's a standard of the nightmare hosters who don't respect their customers!
Nope!
Why do I need to have a responsibility for the spammers?
Yup!
Amazon
Azure
Google
Every ISP I've had in the US does the same.
Just think of the injustice that you have to use passwords or keys to login to your service. The only reason you have to do that is because of dishonorable people.
Think of the extra you're paying because of the chip design + fab cost + extra electricity for encryption on the wire. If no one tried to listen in where they're not supposed to, there'd be no need for it, right? Outrageous.
@raindog308 - You are wrong! Services should be open, and the customer should administer the server as he/she needs. This is why such servers are unmanaged by provider. If it's an abuser, then only abusers should be denied; but only when it's an abuse or a potential abuser (orders with VPN/Tor/proxy).
The fact that big players block port 25 by default is not a good example. "Because big players do it, we should do it too" is not a good way of thinking. If we start taking their example, internet will become controlled by those players, with every small provider adopting their rules, every step of the way. We have the right and privilege to refuse dancing by their rules. I know it's hard, but not impossible.
And last: customers should always be considered innocent by default, not guilty from start as being blocked for something they did not even commit.
As a side note sarcasm: maybe we should start advertising Google and Amazon on LET, since we want to adopt their rules and conditions anyway ("The Industry Standard").
EDIT: forgot the popcorn gif... because in my opinion this is a popcorn drama, whether you like it or not.
Maybe root access to the host machine should be open to all customers with VMs on that host machine! More open and more freedom!
But no. I think you would agree that customers should never be given so much that they can harm other customers. Mail is the same.
The IP is owned by the provider, and the customer can damage not only their own IP but the entire range. Please understand that any host wants to protect their IPs. Blocking port 25 is the most straightforward way to do this without packet sniffing (and that is expensive and sometimes unreliable).
HostHatch mentioning port 25 is simply to justify that they aren't the first to take such action. It's common practice at good providers (oh, and don't trash on AWS/GCP/Azure just because you don't like them. Pretty much all Fortune 500s use the big clouds, and they lead the industry).
By the way, how come you feel so strongly? You can just file a ticket to remove it with your use case. Two minutes. As simple as that.
And dishonorable hosters and government authorities who are spying on people!
Verizon FiOS residential line permits outbound TCP port 25.
Telnet session:
Received mail headers:
(recipient address changed; all other fields are real)
Yep!
There's something I still don't quite understand. A lot of providers block port 25, but they do not block port 587 or 465, and most email servers are listening on all three. Why only block one of them? I don't know if spammers even still use port 25 given the fact that many hosts block it.
Justice is not the correct analogy; it's more accurate to use a license (driving license) as the analogy.
You can use port 25 (drive a car) on localhost (parking lot), but not on the internet (highway). You need justification (a license) from the provider to be able to. All of this is because the provider needs our awareness and responsibility.
Interesting...Comcast, CenturyLink, and AT&T don't.
Guess what - that's what you've got if you use HostHatch. They just have an additional configuration step - opening a ticket. Some providers used to not enable TUN/TAP by default but they would turn it on by request. They didn't enable it because most users didn't need it. Were you as outraged then?
Good grief. It's submitting a ticket to turn it on. You make it sound like we're all in Morpheus's Nebuchadnezzar, making humanity's last stand.
I lost my shit reading this. Nice.
Comcast's site also has a list of other ISPs that block port 25: https://www.xfinity.com/support/articles/email-port-25-no-longer-supported. They also mention that the FTC, M3AAWG, and IETF all recommend blocking port 25 for message submission, at least for unauthenticated email.
Ahh LET.
Where do you draw your line?
Guys, this is not the end of it. They literally said they would enable port 25 if it can be justified. They haven’t said anything about “this is disabled, won’t enable, fuck off and go suck a camel's nuts”.
Can you guys not make a mountain out of a molehill?