It really ought to be blocked. Port 25 shouldn't be used for mail submission!
And then ports 26 through xxxxx gets used for spamming and we all get to go back to snail mail, wonderful.:wtf:
You idiots need to stop the spam at its source - the users responsible,not block or change ports that affect everyday internet users.
The thing is that not many people need the ability to connect directly to port 25 from a residential ADSL line. VERY few people actually run their own SMTP server at their home, and arguably, they shouldn't anyway, with the cost of hosting being so low.
The big difference between access to port 25/26 and 587(LMTP) is AUTHENTICATION.
To submit an email to your ISP (or your personal hosted email server) for relaying to its final destination should only require access to port 587(LMTP), and should be authenticated.
To deliver an email to a final destination requires access to port 25/SMTP, and is NOT authenticated. This is what the spammers are counting on.
If more and more ISP's block outbound SMTP from the residential customers, who, let's face it, make up the vast majority of machines on the internet, and are also the most difficult to track down (dynamic IP) and ask to stop spamming, the less spam there will be on the Interwebs.
The next evolution in spamming will be to use the user's credentials to connect to their own LMTP server. At which point it becomes the ISP's problem to detect customers sending spam through their mail servers (because they will end up with their primary mail server being blacklisted), and they can either contact their own customer, for whom they should have contact details, or simply bounce all and any mails from those customers until they contact them to find out why.
Then we are just left with spammers using non-residential connections, which are also typically fixed addresses, and can simply be blacklisted.
I'm struggling to see a downside here. Can someone enlighten me?
Note: I'm not advocating that ISP's should only allow LMTP to their own mail servers. It should be sufficient to allow LMTP to any server, so long as those servers are requiring authentication. And I can't really imagine anyone in this day and age who would set up an LMTP server without requiring authentication. And if they do, that fixed IP server would get itself blacklisted pretty quickly anyway.
What am I missing?
Added:
I suppose that ISP's are wary of blocking customers who are connecting to existing SMTP servers on port 25, and forcing them to fix their configurations. I don't suppose it would be that difficult to route all SMTP traffic through a transparent proxy (much like HTTP is now), and verify that all outbound mail is first authenticated.