Email relies on SMTP, the Simple Mail Transfer Protocol, to send messages between mail servers. SMTP is an open protocol, and that openness exposes weaknesses that lead network administrators and ISPs to block or limit its use. There are valid reasons to block certain aspects of SMTP traffic, but doing so can also cause messaging disruptions.
SMTP lets email clients hand messages to mail servers and lets mail servers exchange messages with each other across the internet. The sending and relaying of messages typically happens on port 25. Servers receiving messages do so on port 587 in most cases. Client applications access mailboxes on port 143 or 993.
How does blocking SMTP work?
Network admins can block SMTP in two key ways:
- Block by IP address – Prevent connections to or from specific mail servers by blacklisting their IP addresses in firewall policies or router configuration rules. Often used to block known spam senders.
- Block by content – Inspect SMTP command streams for suspicious characteristics, like spam triggers, viruses, or prohibited attachments and block specific messages from being sent or received.
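The two controls above, worked through as an added example in Python (this is illustration code written for this page, not from the article's author or any firewall or mail product). The blocklisted networks, trusted range, prohibited extensions, spam phrases and sample messages are all constructed, and the rule that trusted internal servers skip content inspection is an assumption of this example. The last sample, a legitimate renewal notice that trips the keyword filter, shows the false-positive problem the article returns to later.

```python
"""Gateway-side SMTP controls: block by sender IP, then by message content."""
import ipaddress
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed policy data; a real gateway would load these from firewall
# rules, DNSBL feeds and the content-filter configuration.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]        # internal mail servers
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs"}       # prohibited attachments
SPAM_PHRASES = ("act now", "risk-free", "guaranteed winner")
SPAM_THRESHOLD = 2                                         # phrase hits needed to reject


def ip_decision(client_ip):
    """First control: decide from the connecting IP alone.
    Returns 'allow' (trusted), 'reject' (blocklisted) or 'inspect' (unknown)."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return "allow"
    if any(ip in net for net in BLOCKED_NETS):
        return "reject"
    return "inspect"


def inspect_message(raw):
    """Second control: parse the message and look for prohibited attachment
    extensions and spam phrases. Returns (verdict, reasons)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            reasons.append(f"attachment {name} has a blocked extension")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [phrase for phrase in SPAM_PHRASES if phrase in text]
    if len(hits) >= SPAM_THRESHOLD:
        reasons.append("spam phrases: " + ", ".join(hits))
    return ("reject" if reasons else "accept", reasons)


def gateway_decision(client_ip, raw_message):
    """Apply the cheap IP check first and content inspection only for unknown
    senders; trusted internal servers skip inspection (a design choice here).
    Returns the SMTP reply code and a reason string."""
    verdict = ip_decision(client_ip)
    if verdict == "reject":
        return 554, "sender IP on blocklist"
    if verdict == "allow":
        return 250, "trusted internal server"
    verdict, reasons = inspect_message(raw_message)
    if verdict == "reject":
        return 550, "; ".join(reasons)
    return 250, "accepted after inspection"


def build_message(subject, text, attachment_name=None):
    """Construct a sample message (test input, not captured traffic)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.org", "bob@example.net", subject
    msg.set_content(text)
    if attachment_name:
        msg.add_attachment(b"\x00constructed\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "clean mail, unknown sender": ("192.0.2.10", build_message("Q3 report", "Numbers attached.")),
        "clean mail, blocklisted IP": ("203.0.113.5", build_message("Hello", "Hi")),
        "executable attachment": ("192.0.2.10", build_message("Invoice", "See attached", "invoice.exe")),
        # Legitimate renewal notice that trips the keyword filter: a false positive.
        "spammy wording": ("192.0.2.10", build_message("Act now: renewal", "Risk-free trial ends Friday.")),
    }
    for label, (ip, raw) in samples.items():
        print(f"{label:28} -> {gateway_decision(ip, raw)}")
```

The order matters in practice: the IP check costs nothing and drops the bulk of junk before any message is parsed, while content inspection is where false positives come from, so its threshold deserves the most care.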
Groups that commonly block some SMTP access include:
- Corporate network admins – Restrict external messaging for security reasons or monitor internal SMTP for policy compliance.
- Internet service providers – Block spam and viruses from both originating on and entering their networks.
- Schools and libraries – Control access to email and webmail through content filters to enforce acceptable use policies.
- Government networks – Monitor and limit mail flows to meet data security rules and records compliance regulations.
Countries that censor internet access also tend to limit access to webmail and SMTP protocols.
Why block SMTP?
Valid reasons to block or limit SMTP traffic include:
- Reducing spam – The vast volumes of junk mail sent via SMTP consume network capacity and storage resources. Blocking known spam senders helps mitigate the problem.
- Limiting viruses and malware – Viruses often propagate via file attachments sent through SMTP. Blocking known infected addresses and filtering suspicious content keeps networks safer.
- Enforcing AUPs – Schools and organizations may limit some external or internal SMTP flows to enforce acceptable use policies around external communications.
- Productivity – Allowing employees unfettered personal email access can hamper productivity. Some corporations restrict webmail and external SMTP access during work hours or throttle SMTP bandwidth allocation.
- Censorship – Repressive regimes use a variety of technical measures, including SMTP blocks and filters, to limit access to communications channels like webmail, social networks and messaging apps.
How blocking SMTP impacts email
SMTP controls can be useful network administration tools when applied judiciously, but there are also downsides for users, such as:
- Email delays from connection failures or time spent in traffic inspection queues.
- Messages blocked or filtered incorrectly as spam or suspect content (false positives).
- Loss of email privacy from traffic monitoring.
- Inability to communicate efficiently when external SMTP access is limited.
Blocking SMTP disrupts email when:
- Essential messages get blocked – Spam filters may block important messages that share spammy keywords or contain blocked attachments.
- Mail server connectivity fails – If firewall policies do not differentiate clearly between trusted internal vs external mail servers, they can inadvertently block vital email routes.
- Encryption causes inspection failures – Messages encrypted with TLS/SSL get rejected if SMTP traffic inspection systems cannot decrypt contents to scan for compliance with policies.
- Rate limits trigger – If SMTP bandwidth throttling limits are set too low, queues will back up and stall message delivery through a network.
- Whitelisted servers get blacklisted – Spammers exploit vulnerabilities in mail servers to route messages. Spam blacklists can unintentionally block legitimate but compromised SMTP servers.
With so many vital functions dependent on email, disruptions caused by overly restrictive SMTP blocking and monitoring cause real business continuity and user productivity problems.
Overcoming SMTP blocking issues
If you find your mail server or email client unable to connect reliably because of port 25 blocks or other SMTP limitations, there are steps you can take to restore messaging capabilities:
For network administrators
- Review firewall policies, router configs, and SMTP gateway settings to ensure trusted mail servers have connectivity on key mail ports like 25, 143, 993, and 587.
- Check that cybersecurity systems distinguish between authorised internal vs external mail servers and clients – whitelist trusted servers.
- Consider allowing SMTP connectivity over 587 for user clients rather than 25. This makes security rules easier to set and enforce for clients vs servers.
- Evaluate bandwidth throttles on SMTP traffic – priorities may need adjustment during peak loads.
- Use greylisting rather than outright blocks to defer spam and retry legitimate user mail a few minutes later.
- Allow SMTP flows with enforcement of transport layer security (TLS) rather than blocking encrypted traffic.
- Set spam filter thresholds conservatively to avoid blocking valid mail – reduce false positives.
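The first items of the checklist (confirm that the key mail ports are reachable and that TLS is offered rather than blocked), together with the port 25 vs 587 distinction the FAQ returns to, can be verified with a small probe. The script below is an added example written for this page, not a tool from the article or any vendor: it classifies each port as open, refused or timed out, and on an SMTP port sends EHLO to see whether STARTTLS and AUTH are advertised, without authenticating. So that it runs offline, it includes a constructed stand-in server on 127.0.0.1; `probe.example` and `fake.example` are placeholder names.

```python
"""Mail-port reachability and STARTTLS capability probe for troubleshooting blocks."""
import re
import socket
import threading

# Ports the article names, with the role each normally plays.
MAIL_PORTS = {25: "smtp relay", 587: "submission", 143: "imap", 993: "imaps"}

def check_port(host, port, timeout=3.0):
    """Classify a TCP connect as 'open', 'refused' or 'timeout'. A timeout on 25 while
    587 is open is the usual sign of outbound port-25 traffic being silently dropped;
    'refused' means the host answered but nothing listens there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error:{exc.errno}"

def audit_ports(host, ports=MAIL_PORTS, timeout=3.0):
    """Probe every mail port of one host and return {port: status}."""
    return {port: check_port(host, port, timeout) for port in ports}

def read_reply(sock):
    """Read one SMTP reply (possibly several '250-' lines) and return its lines."""
    buf = b""
    while chunk := sock.recv(4096):
        buf += chunk
        lines = buf.split(b"\r\n")
        # Complete once the last full line starts with 'NNN ' (space, not dash).
        if len(lines) >= 2 and re.match(rb"\d{3} ", lines[-2]):
            break
    return [line.decode("ascii", "replace") for line in buf.split(b"\r\n") if line]

def parse_ehlo(lines):
    """Reduce EHLO reply lines to the capabilities that matter for this check."""
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {"code": int(lines[0][:3]), "starttls": False, "auth": [], "size": None}
    for line in lines[1:]:                # line 0 carries the server name, not a capability
        words = line[4:].upper().split()  # drop the 'NNN-' / 'NNN ' prefix
        if words and words[0] == "STARTTLS":
            caps["starttls"] = True
        elif words and words[0] == "AUTH":
            caps["auth"] = words[1:]
        elif len(words) > 1 and words[0] == "SIZE" and words[1].isdigit():
            caps["size"] = int(words[1])
    return caps

def smtp_capabilities(host, port, helo_name="probe.example", timeout=5.0):
    """Connect, send EHLO then QUIT, and report the banner plus parsed capabilities.
    Nothing is authenticated; the aim is to see whether STARTTLS and AUTH are offered."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = read_reply(sock)
        sock.sendall(f"EHLO {helo_name}\r\n".encode())
        caps = parse_ehlo(read_reply(sock))
        sock.sendall(b"QUIT\r\n")
        read_reply(sock)
    caps["banner"] = banner[0] if banner else ""
    return caps

def start_fake_smtp(cap_lines=("STARTTLS", "AUTH PLAIN LOGIN", "SIZE 10240000")):
    """Constructed stand-in for a submission server so the probe runs offline.
    Serves one session on 127.0.0.1 and returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        try:
            with conn:
                conn.sendall(b"220 fake.example ESMTP (constructed)\r\n")
                conn.recv(1024)                                        # EHLO
                ext = "".join(f"250-{c}\r\n" for c in cap_lines[:-1])
                conn.sendall(f"250-fake.example\r\n{ext}250 {cap_lines[-1]}\r\n".encode())
                conn.recv(1024)                                        # QUIT
                conn.sendall(b"221 2.0.0 Bye\r\n")
        except OSError:
            pass                       # client went away early (e.g. a bare port check)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def free_port():
    """A local port nobody listens on, to show what 'refused' looks like."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    fake = start_fake_smtp()
    print("fake server capabilities:", smtp_capabilities("127.0.0.1", fake))
    print("closed local port ->", check_port("127.0.0.1", free_port()))
    print("local mail ports ->", audit_ports("127.0.0.1", timeout=1.0))
```

Run `audit_ports` against your own mail server from inside and outside the network: a 25 that times out while 587 opens points at a port block on the path, and a server that opens but advertises no STARTTLS is the case where "enforce TLS" has nothing to enforce.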
For users
- Use client apps rather than browser-based webmail clients for better SMTP connectivity in restricted networks.
- If SMTP over port 25 is blocked, use port 587 connections with authenticated logins instead – required for many ISPs too.
- When connecting via webmail in restrictive networks, try using HTTP Secure (HTTPS) options or a VPN tunnel with encryption, which obscure port 25 blocks.
- If messages with attachments fail but plain text notes work, compress/zip attachments to bypass filters checking file extensions.
- When all SMTP avenues seem blocked, last resort options would be to switch from email to messaging services with apps using alternative protocols to SMTP like XMPP, Signal or Matrix, or to rely on non-IP channels like SMS texts or phone calls.
The open nature of SMTP with traffic relayed between many servers makes it hard to lock down. As an attack vector exploited by bad actors to spread spam, malware and perpetrate phishing campaigns, SMTP is appealing to block – but doing so can also easily disrupt legitimate messaging.
Sysadmins need to strike a balance with SMTP access controls – blacklist only confirmed spam/virus senders but whitelist trusted servers, users and services vital for business operations. For users impacted by aggressive SMTP restrictions, workaround options exist to restore email capabilities vital for communication and productivity.
SMTP underpins the sending and receiving of email messages, relying on traffic relay between mail servers over port 25 without intrinsic authentication or encryption. While an open protocol is necessary for mail routing, its openness creates weaknesses that network gatekeepers feel compelled to block for security.
Techniques like IP blacklisting, port blocking and content filtering of SMTP traffic are useful tools for sysadmins but routinely cause false positives, classifying legitimate messages as suspect. The result is disruption of vital communication channels – undermining productivity, continuity and privacy.
With planning, though, conscientious network policies can avoid most issues, limiting harmful traffic patterns without depriving users of this essential messaging conduit. For core needs, SMTP remains the protocol on which businesses utterly depend, so administrators must strike the right balance with controls to curb exploitation without choking flows.
Frequently Asked Questions
- Why would my ISP block SMTP traffic?
ISPs commonly block or limit SMTP flows to mitigate spam, malware and botnets exploiting their networks. Monitoring traffic also allows them to meet data security compliance duties. But overblocking impacts customers relying on email access.
- Can a firewall completely block SMTP emails?
Yes, firewall policies can block all SMTP traffic by preventing TCP connections on ports 25, 587 or others used for mail. This would disable all external email functions. Internal SMTP may still work.
- What problems can blocking SMTP cause?
Disrupting SMTP flows frequently slows email delivery, incorrectly filters legitimate messages as spam (false positives), disables external communications when users rely on webmail, and lowers email privacy.
- How does blacklisting an IP address block SMTP?
Network gateways like firewalls and routers can blacklist the IP addresses of known spam senders, mail servers compromised by botnets, or ranges originating from international spam campaigns. Any SMTP traffic from or to those servers will then be automatically discarded.
- How can schools block SMTP traffic?
Educational firewalls often blacklist non-educational domains, filter messages and attachments based on keywords, prohibit suspected proxies/VPN to limit ways around limits, and prioritise academic traffic over recreational during school hours.
- What are alternatives if my domain or IP address is SMTP blocked?
Workaround options include switching client messaging apps to non-SMTP protocols like XMPP, Matrix or Signal that bypass IP blocks. Or relay mail through intermediate servers not on blacklists before public routing. Last resort is non-IP options like phone, SMS or paper mail.
- How does greylisting defer SMTP traffic as an alternative to outright blocks?
With greylisting, a mail server temporarily rejects messages from unfamiliar servers with a code asking them to retry later. Legitimate servers retry per protocol while spammers rarely bother, thus filtering spam without losing messages permanently as happens with outright blocks.
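Greylisting as described in this answer and in the administrator checklist above, worked through as an added example (illustration code written for this page, not the article's or any mail server's implementation). The decision is made per (client, MAIL FROM, RCPT TO) triplet: the first attempt gets a 451 temporary failure, a retry before the delay has passed gets another 451, and a retry after the delay is accepted and remembered. The delay and expiry values are constructed; keying IPv4 clients by /24 is a common implementation choice, adopted here so that large senders retrying from another host in the same pool still pass.

```python
"""Greylisting: temporary rejection of unknown (client, sender, recipient) triplets."""
import ipaddress
import time

# Constructed tuning values; production defaults vary by implementation.
GREYLIST_DELAY = 300          # seconds an unknown triplet must wait before a retry is accepted
GREYLIST_TTL = 36 * 3600      # forget a triplet that never retries after this long


def client_key(client_ip):
    """Key IPv4 clients by /24 and IPv6 clients by /64 (a common implementation
    choice) so a retry from a sibling host in the same sending pool still matches."""
    ip = ipaddress.ip_address(client_ip)
    bits = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, ttl=GREYLIST_TTL, clock=time.time):
        self.delay, self.ttl, self.clock = delay, ttl, clock
        self.pending = {}   # triplet -> time first seen (still waiting for a retry)
        self.verified = {}  # triplet -> time last accepted

    def decide(self, client_ip, mail_from, rcpt_to):
        """Return (smtp_code, text) for the RCPT TO stage. 451 is a temporary
        failure that a compliant MTA retries; 250 accepts the recipient."""
        key = (client_key(client_ip), mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.verified:
            self.verified[key] = now
            return 250, "2.1.5 OK, sender previously verified"
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.ttl:
            self.pending[key] = now               # new (or long-forgotten) triplet
            return 451, "4.7.1 Greylisted, please try again later"
        if now - first_seen < self.delay:
            return 451, "4.7.1 Greylisted, please try again later"
        del self.pending[key]                     # retried after the delay: verified
        self.verified[key] = now
        return 250, "2.1.5 OK, retry after greylist delay verified"

    def expire(self):
        """Drop pending triplets that never retried (typical of spam bots)."""
        now = self.clock()
        stale = [k for k, t in self.pending.items() if now - t > self.ttl]
        for k in stale:
            del self.pending[k]
        return len(stale)


if __name__ == "__main__":
    # Simulated clock so the delay can be demonstrated without waiting.
    clock = [0.0]
    gl = Greylist(clock=lambda: clock[0])
    attempts = [  # (seconds, client_ip, MAIL FROM, RCPT TO); constructed traffic
        (0, "192.0.2.10", "alice@example.org", "bob@example.net"),     # first contact: deferred
        (5, "198.51.100.7", "win@spam.invalid", "bob@example.net"),    # spam bot, never retries
        (60, "192.0.2.10", "alice@example.org", "bob@example.net"),    # retried too early: deferred
        (420, "192.0.2.11", "alice@example.org", "bob@example.net"),   # retry from same /24: accepted
    ]
    for t, ip, sender, rcpt in attempts:
        clock[0] = t
        print(f"t={t:>4}s {ip:14} {sender:20} -> {gl.decide(ip, sender, rcpt)}")
    clock[0] = 40 * 3600
    print("expired stale triplets:", gl.expire())
```

The cost greylisting imposes on legitimate mail is the delay itself, which is why the checklist item pairs it with "a few minutes later": set the delay long enough that bots give up, not so long that time-sensitive mail is noticeably late.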
- Can firewalls block encrypted SMTP traffic?
Next-gen firewalls can be configured to block SMTP flows using implicit TLS or STARTTLS encryption if they cannot inspect contents by decrypting traffic with locally installed certificates. This causes problems for servers requiring encrypted channels.
- How can users get around SMTP blocks at work or school?
Typical workaround options for users facing SMTP limits include connecting SMTP client apps over port 587 rather than 25, enabling VPN tunnelling with encryption, using HTTP Secure webmail if available, and compressing attachments to avoid filters checking file extensions.
- Can SMTP traffic be monitored for security purposes?
Yes, corporate rules often require legal monitoring of internal and external communications for data security, records compliance and acceptable use policy enforcement. By sniffing the open SMTP protocol then decrypting with installed certificates, messages can be filtered, analysed, and restricted based on content.
- Does Gmail block SMTP traffic from some countries?
Gmail restricts some insecure authentication methods and may throttle high-risk traffic, but typically doesn't outright block nations. Spam blacklists are used but only on confirmed per-sender reputation rather than by geography. Gmail relies heavily on machine learning rather than blunt protocol blocks.
- Can SMTP inherit blacklist status from a compromised server?
Yes, if spammers or botnets exploit vulnerabilities to relay mail through your systems, they can cause destination servers receiving the spam to blacklist your domain or IP address as an assumed willing sender or relay of the junk mail.
- How does port 25 vs 587 differ for SMTP blocking?
Port 25 handles server-to-server SMTP flows while port 587 is designated for user clients to submit outgoing mail to their own mail server. Since client behaviours are easier to normalise, traffic shaping for security on port 587 is easier without impacting other flows via port 25 between servers.
- What are the most common SMTP ports blocked?
Ports most often individually blocked for at least some category of SMTP traffic include 25, 143 (IMAP), 465 (SMTPS), 587 (mail submission), 993 (IMAPS) and 995 (POP3S). But when broadly controlled, all SMTP flows may be limited across all ports via protocol identification.
- How can SMTP blocks impact business continuity?
With so much vital commerce now transacted and tracked via email, unexpected SMTP blocks leading to communication disruptions and messaging failures directly impact sales, productivity, payments, and databases. So problems quickly cascade across an enterprise if email channels aren’t maintained.
- What are best practices to avoid over blocking SMTP traffic?
- Whitelist essential users, servers, and IP ranges
- Blacklist only confirmed spam/virus senders
- Encrypt traffic rather than block encrypted flows
- Lower spam filter thresholds cautiously
- Review policies and reassess need regularly
- Prefer greylisting, which defers messages, over blocking them outright
- Allow port 587 for authenticated users rather than port 25