Comcast Xfinity to Block Port 25
As part of a lengthy and technical blog post about internet security on August 1 of this year, Comcast Voices mentioned that they’d be phasing out support for Port 25 as an option for customers’ outgoing email server (SMTP). The post, which few people likely ever saw, didn’t exactly convey a sense of urgency, but did link to another post written the same day, explaining specifically why Comcast Xfinity would soon be blocking of Port 25 (emphasis mine):
Over the past few years, Comcast has managed port 25 by selectively blocking its use in response to spam complaints. This made sense when spam was often sent by an end-user clicking a “send” button. But in this age of bot networks, malware is now responsible for sending the most spam and users are unaware that spam is being sent by their computer.
As a result, we are updating our management of port 25. In order to ensure a more secure network and email domain, Comcast will no longer by default allow access to port 25 for our residential Internet users. In addition, we are asking comcast.net email users to migrate to port 465, which offers SSL encryption. We will continue to support the industry standard port 587. Upon request to our Customer Security Assurance team this block can be removed, enabling access to use port 25 for other email domains, though the comcast.net email servers will no longer accept submission via port 25. These changes will occur gradually across our network beginning today.
Translation: Spambots take advantage of Port 25?s vulnerabilities and use it to send spam from user’s computers. For that reason, Comcast will soon block this outgoing email port for users that use an email client on their computers (rather than webmail), such as MS Outlook, Mozilla Thunderbird, etc. Many ISPs have blocked this port for some time, but it’s a new change for Comcast Xfinity users. It’s important note that this change has the potential to affect any Comcast Xfinity internet customers who use email software on their computer. While it’s probably a good idea to change your outgoing port settings to 465 or 587, as Comcast advised above, they do state that for non @comcast.net email accounts, they will unblock port 25 upon request. We would however just advise that you change your port settings to make things easier.
To further bolster their case, Xfinity adds the following:
There are number of other influential bodies that recommend against the use of port 25.The Federal Trade Commission (FTC), an organization that has taken legal action against many spammers, also recommends that port 25 is blocked by ISPs. The recommendation is as follows: “block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.”
Comcast Xfinity Sends Out Email Warning
As I mentioned, those blog posts were from August 1 – So why are we just bringing this up now? Because for whatever reason, one of our employees just received an email notification about this change at their personal account yesterday. (I mention “personal account” to differentiate from Comcast Business Class, which is our ISP here in the office, and as Comcast stated in the excerpts above, the change is just supposed to impact “residential Internet users”). The one caveat I think users should be aware of here is that some offices probably use “residential” Comcast Xfinity internet service, so you may not be immune to the change just by virtue of the fact that you’re in a commercial setting.
Comcast Outgoing Email Problems?
Have you already experienced outgoing email problems? That wouldn’t be surprising given that despite this email only coming out yesterday, they did announce on their blog (which I’d be willing to bet is very rarely read) that they would start rolling out the change more than 3 months ago. But don’t feel bad if you hadn’t heard and were suddenly unable to send email – you’re not alone.
We’ve actually had a handful of clients call in after experiencing this issue, although in most cases the problem had more to do with people moving from Comcast (and using Port 25) to another ISP that already blocked Port 25. Just a few months ago, an ISP change like this would cause outgoing email issues, but this move by Comcast Xfinity seems geared toward following industry best practices and blocking the port that most others already block. It’s important to note, however, that not all ISPs are blocking and some specifically request that you use 25, as you can see in Fairpoint’s Thunderbird email setup instructions. Just some things worth being aware of in case you plan to move to/from Comcast soon, or even if you’re just an existing customer who uses old port settings.
Vermont Design Works Client Email Settings
If you’re a VDW client, the most important take-away comes in the line about who this impacts. From the second paragraph of the first excerpt above – “comcast.net email users”. If you’re one of our clients, you’ve most likely been set up with email addresses that end in @yourdomain.com. If this is the case and we host your email, we specifically recommend changing your outgoing port to 587 and unchecking the SSL box in your email program’s settings. Comcast’s recommendation of 465 is specifically for @comcast.net email accounts.
Fixing Comcast Outgoing Mail Server Port Issues
If you’re already experiencing issues with outgoing mail, Comcast provided some helpful links in yesterday’s email for configuring outgoing port settings for various email clients:
Email Program Users (Outlook Express, Outlook, MacMail, etc.):
If you use an email program, this action will disable your program’s ability to send email until you change your email program settings to send email on port 465.
To protect your email security, click on the link for your current email software, then follow the step-by-step instructions to change your settings.
Don’t see your email software? Then locate the preferences for your mail account in the software you use and provide the settings listed on this page.
If you’re a Comcast Xfinity internet customer, please let us know in the comments below whether you’ve experienced any outgoing server issues in recent months.