DigitalOcean blocks SMTP ports 465 and 587 since last month(docs.digitalocean.com)
26 pointsby leni5369 days ago9 comments
  • rubatuga8 days ago
    If you need unblocked ports you can also use https://hoppy.network

    We provide ports 25, 465, 587

    Disclaimer: cofounder of hoppy

  • grumpyinfosec8 days ago
    This makes alot of business sense, most orgs know better than to homebrew their mail env on (lets be honest here) "basement hosting LLC". So that leaves the people that are spamming/phishing as the core SMTP customer here.

    We lost the personal self hosting fight long ago. I used to do it, but now i pay protonmail to do it for me and even that is losing its luster since proton technology IP blocks are pretty radioactive at this point. Some day will have join the outlook or gmail gang which makes me sad; but setting here in my chair staring at my orgs email firewalls and seeing 80+% inbound volume being auto-blocked as spam, bulk or phishing it make me wonder if anything of value was lost.

  • LinuxBender8 days ago
    Most of the VPS providers have been implementing variations of this for a few years now. Most of them will not block ports on accounts created before a certain date and will open the ports for people that open a ticket and state they will not be sending UCE and are responsible postmasters that will secure their mail servers inbound traffic and accepting an agreement that if they abuse it or let someone else abuse it their account is gone. Seems more than fair to me. It's a nice alternative to having to say, "and this is why we can't have nice things." We can have nice things.
  • selectnull9 days ago
    "we strongly recommend against running your own mail server in favor of using a dedicated email deliverability platform"

    This is ridiculous. We have collectively surrendered email and became hostages. I'm as guilty as everyone* and don't really see the solution.

    * most. You're the brave ones.

    • bell-cot9 days ago
      Assume their recommendation is not aimed at you, but at the 99% who like the idea of running their own mail server...but lack the skills and commitment to do that securely, over time.

      DigitalOcean might not be the target of the resulting spam tsunamis, but they still bear a fair hunk of the "support & consequences" costs.

      • kees998 days ago
        DigitalOcean, or more precisely - some of their customers are the source of quite a few spam tsunamis, at least according to spamtrap data I'm collecting on my mail server. So from that perspective, a big "thank-you" goes out to DO for firewalling off outbound port-25 traffic by default.

        That said - reading "Even if SMTP were available" and "recommend using SendGrid", it sounds like there is no opt-out from this. Even for customers who would want to self-host a mail server that never sends in bulk. Now that, is reprehensible, and adds yet another brick in the already tall wall that mail duopoly+ (gmail, outlook, and handful others) enjoy.

        • vkaku8 days ago
          Interesting! Please post source.
          • 7 days ago
            undefined
    • joijoj8 days ago
      Does it matter that much? If you need 1:1 private comms, personal SSL certs and a Dockerized chat client are available?

      Email only persists due to nostalgia. We have literally dozens of other methods to sync state between two machines.

      Private git repo? Private IRC?

      Note how providers are not blocking other options. Email is inherently insecure due to the header structure, and open to the world by default is an invitation to be misused by spam.

      Sorry everyone but an "open world" has revealed we're all just biological meat suits everywhere doing human shit, hallucinating there's some culture binding us (which just translates to "practice of a cult").

      Breaking Bad ended 10 years ago. Star Wars was decades ago. Email is terrible in many ways. Move along.

      • subscribed8 days ago
        How can I move along if EVERY online shop, mechanic, government body or school I tlak with NEEDS my email address to facilitate the contact, conversation or transaction?

        What do you propose to these who are currently forced to provide email addresses to lead their daily lives uninterrupted?

        And I'm not asking for the example appropriate for the primary school aged child or a senior living in the care home.

        Just examples for the normal human adults.

        • kees998 days ago
          I guess GP meant that online shops, mechanics, government bodies and schools were meant to move along?

          Not exactly clear where to, though. We don't have another messaging system with quite as wide reach (a.k.a. high value, in terms of Metcalfe's law) as email.

          Texts(SMS), maybe? But those are not without their own problems - see "green text bubble stigma".

  • bulatb8 days ago
    It looks like this is only for accounts created after June 22, 2022. Mine are older and their emails have been going out before and since.

    I never even heard about this.

    https://www.digitalocean.com/blog/smtp-restricted-by-default

  • leni5369 days ago
    Old support page: https://web.archive.org/web/20241217094107/https://docs.digi...

    Not sure how this change makes sense.

    • subscribed8 days ago
      Previously you had to contact support to have it enabled, it worked well.

      I just checked and my DO droplet can still receive emails on ports 25 and 465, and I can also talk from the droplet on both, and also 587.

      So not sure what does this announcement means.

      • leni5367 days ago
        I can no longer make outgoing connections on 465 and 586, which is annoying as that's how I used a relay SMTP server. Which is funny because they suggest to use an SMTP relay, and I already did.
  • systemswizard7 days ago
    A lot of hosting providers do this. Some will even allow their use if you ask too
  • vel0city8 days ago
    News to me, my SMTP servers on DO are still working just fine.
  • niux8 days ago
    Can't you use another port to send emails?