About OIT About the OIT
Directories Directories
Connect to Network Connect to Network
Network Services Network Services
Security IT Security
Voice Services Voice Services
Cable TV Cable Television
Computing Computing
Information Resources Information Resources
Committees IT Committees
Jobs IT Jobs at UCSB
 
spacer spacer
spacer Office of Information Technology  
spacer
spacer
           
spacer
spacer
spacer view site index contact OIT staff
spacer
spacer
  OIT Home > Cox Blocks Email to Port 25
spacer spacer
 

Cox Blocks Email to Port 25

 

Cox Communications has announced that email traffic from Cox High Speed Internet (CHSI; residential cable modem service) to UCSB SMTP servers on port 25/tcp will be blocked beginning July 28, 2004. Cox will require that users sending email from their CHSI network use the CHSI SMTP servers (smtp.west.cox.net; alternatively, smtp.central.cox.net or smtp.east.cox.net).

In a letter to the campus network programmer, Cox states, "Our SMTP servers will authenticate and allow any e-mail address in the from field if the domain has a valid MX record." Thus, CHSI users who wish to send mail via COX SMTP relays using a UCSB sender address should work if the UCSB domain name has an MX record. Email delivery to servers without MX records has generally been possible (a plain "A" IP address record is sufficient), but Cox is requiring MX records for sender addresses on relayed mail.

As an example, if your users' email addresses are in the format "mickey@disneyology.ucsb.edu," there must be an MX record for the disneyology.ucsb.edu domain name, or your Cox-based users will be unable to relay mail via Cox SMTP servers using their @disneyology.ucsb.edu address as the email sender address.

You can easily check for MX records for your domain name using a tool like those available at DNSstuff.com. Just enter your domain name in the "DNS lookup" box (upper-right corner, under "Hostname Tests"), select MX from the drop-down list, and click Lookup. You should see an MX record in the "Type" column in the "Answer" section.

According to the letter, Cox began blocking outbound use of port 25 in June 2003, with limited exceptions "to select universities in and near our markets." UCSB was one of the exceptions, apparently due, in part, to sensitivity regarding finals.

The most pertinent quote from Cox's letter:

This is to notify you that beginning 7/28/2004, access to your universities [sic] SMTP server on port 25 will be blocked from the Cox High Speed Internet network. All email sent via Cox High Speed Internet network must route through Cox's email servers.

If you provide relaying for your off-campus Cox users, your service may remain functional if you support relaying via another port besides 25. There are a couple of ports commonly used for this purpose, 465 and 587. SMTP servers on port 465 are expected to immediately negotiate TLS (i.e., encrypt everything from the start). This type of operation is generally considered legacy and not preferred.

Port 587 presents a standard SMTP dialog with optional STARTTLS support for encryption. The campus network programmer recommends requiring STARTTLS before accepting authentication credentials. If you configure your SMTP server to support port 587, you should also ensure that all submissions are authenticated, not just relayed messages. Failure to require authentication on all port 587 connections is likely to result in spam delivery via that port. The whole point of port 587 is to support authenticated submission of email for delivery, and not to create a clone of port 25.

This move by Cox is increasingly common in the ISP community as a means to combat spam sourced via their customers' systems.

KPS

  spacer
spacer University of California Santa Barbara Home Page
  Copyright 2003-2014 The Regents of the University of California, All Rights Reserved
Web contactTerms of UseAccessibility
Last modified: 10/19/2007
  spacer