Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.
Why is Comcast Supporting Port 465?
The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email.
It has been a long-standing recommendation from M3AAWG, an international community of anti-abuse professionals, and the Internet Engineering Task Force (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of port 465, which provides SSL encryption. Comcast will also support the industry-recommended port 587, but encourages our customers to use port 465 for the greater security benefits. The recommendations from M3AAWG can be read here and you can also view the IETF RFC 5068 and RFC 4409 (section 3.1, see below).
From RFC 4409:
3.1. Submission Identification
Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here. Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site may choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs.
What Makes These Settings More Secure?
Port 465 further improves security through the use of required authentication and SSL encryption.
When sending and receiving email, it is required that you use your Comcast ID and password. This helps to prevent infected computers and other devices connected to the XFINITY services from being able to freely transmit spam and malware.
Secure Sockets Layer (SSL) is a protocol that encrypts data sent over the Internet. With SSL encryption, your user ID, password, and email are protected from hackers and identity thieves when sending or receiving email.
Why Does Comcast Offer Support for Both Ports 465 and 587?
Port 587 has been a long-standing recommendation from industry bodies and is supported by Comcast for sending email. It is recommended by both the IETF and M3AAWG. Because of its greater security, many major ISPs and mail providers are now supporting port 465, which offers both authentication and encryption for the entire SMTP transaction. This includes user name, password and the contents of the messages themselves. Major email service providers such as Google, Yahoo and AOL also offer support for port 465. Comcast also supports the use of this port.
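An added example (not Comcast's code) of how a mail client opens the two submission ports described above: on port 465 encryption is negotiated before any SMTP command is sent, on port 587 the client connects and then upgrades with STARTTLS, and in both cases the password is sent only after the encrypted channel is up. The function names are illustrative, and the host, user name and password are supplied by the caller.

```python
import smtplib
import ssl

# Ports as described on this page; anything else (including 25) is refused.
IMPLICIT_TLS_PORT = 465   # encryption starts before any SMTP command
STARTTLS_PORT = 587       # connect first, then upgrade with STARTTLS


def submission_mode(port):
    """Return how a client must secure the session on this port."""
    if port == IMPLICIT_TLS_PORT:
        return "implicit-tls"
    if port == STARTTLS_PORT:
        return "starttls"
    raise ValueError(f"port {port} is not an authenticated submission port")


def open_session(host, port, user, password, timeout=10):
    """Open an authenticated, encrypted submission session.

    Credentials are sent only after encryption is established and the
    server certificate has been verified against the system trust store.
    """
    mode = submission_mode(port)          # raises before any network I/O
    ctx = ssl.create_default_context()    # verifies cert chain and host name
    if mode == "implicit-tls":
        smtp = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
        smtp.ehlo()
    else:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
        smtp.ehlo()
        smtp.starttls(context=ctx)        # raises if STARTTLS is not offered
        smtp.ehlo()                       # re-read capabilities over TLS
    if not smtp.has_extn("auth"):
        smtp.quit()
        raise smtplib.SMTPException("server does not offer AUTH")
    smtp.login(user, password)
    return smtp


def send(host, port, user, password, message):
    """Send an email.message.EmailMessage through an encrypted session."""
    with open_session(host, port, user, password) as smtp:
        smtp.send_message(message)
```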
Other Bodies Opposed to the Use of Port 25
There are a number of other organizations that Comcast works with to control the problem of spam on the Internet. One of the most notable of these is Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists as well as others provided by similar organizations are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP.
The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows:
“Block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.”
The ITU also recommends blocking port 25 in their document named “ITU Botnet Mitigation Toolkit”. This can be viewed here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.
ISPs that Manage Port 25
Many ISPs, both in the USA and around the globe, block port 25. These include:
- People PC
- All Japanese ISPs
- France Telecom / Orange