Why Port 25 is Blocked in the Cloud

December 9, 2024 in Cloud Computing, Email Services, Security by Arjun Hemrajani (2 minutes)

This article explains why port 25 is blocked in the cloud, the risks it mitigates, and how to adopt secure email delivery practices using ports 587, 465, or third-party services.

What is Port 25?

Port 25 is the default port for sending emails via SMTP. It is primarily used for:

  • Relaying emails between mail servers.
  • Sending outgoing emails from mail clients to servers (though ports like 587 and 465 are now preferred).

Why is Port 25 Blocked?

1. Preventing Email Spam and Abuse

Cloud environments are often exploited by spammers to send massive amounts of unsolicited emails. Blocking port 25 helps prevent these platforms from being blacklisted by email providers.

2. Mitigating Security Risks

Unrestricted access to port 25 can lead to:

  • Phishing emails.
  • Malware distribution.
  • Denial of Service (DoS) attacks on mail servers.

3. Compliance with Industry Standards

Blocking port 25 ensures compliance with email regulations and anti-spam laws.

4. Encouraging Secure Email Practices

Modern email standards recommend submitting mail on ports like 587 (STARTTLS) and 465 (implicit TLS, often still labelled SSL), which provide encryption.


Implications of Blocking Port 25

For Legitimate Users

Blocking port 25 can disrupt:

  • Self-hosted email services.
  • Outbound email notifications for apps or services.

For Cloud Providers

Cloud providers must balance usability with security, minimizing abuse while maintaining customer satisfaction. As a cloud provider, we don’t want our IPs to be classified as abuse IPs.


Alternatives to Port 25

1. Use Ports 587 or 465

  • Port 587: For SMTP with STARTTLS encryption.
  • Port 465: For SMTP over implicit TLS (commonly called SSL), where the connection is encrypted from the start.

2. Utilize Third-Party Email Services

Leverage trusted email service providers like:

  • Amazon SES
  • SendGrid
  • Postmark
  • Mailgun

3. Request Port 25 Access

Some cloud providers allow users to request access to port 25 for legitimate use cases:

  • AWS: Submit a support request to unblock port 25.
  • DigitalOcean: Contact support with a valid justification.
  • Excloud: Create a support ticket with justification.

Best Practices for Email in the Cloud

  1. Authenticate Outgoing Emails: Use SPF, DKIM, and DMARC records to improve email deliverability and prevent spam.

  2. Monitor Email Usage: Regularly audit email-sending infrastructure for anomalies.

  3. Adopt Secure Protocols: Always use encrypted ports (587 or 465) for sending emails.
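
The following Python client is an added example, not code from the original article or from Excloud, showing one way to follow the advice on ports 587 and 465: it refuses port 25, uses TLS from the first byte on 465, and on 587 stops before authenticating if the server does not offer STARTTLS. The names `submit`, `InsecureTransport`, `implicit_tls` and `ehlo_name` are assumptions made for this example.

```python
import smtplib
import ssl


class InsecureTransport(Exception):
    """The session could not be encrypted before credentials would be sent."""


def submit(msg, host, user, password, port=587, implicit_tls=None,
           timeout=10, ehlo_name=None):
    """Send an email.message.EmailMessage through an authenticated submission port.

    Port 465 uses TLS from the first byte; any other port is upgraded with
    STARTTLS and the call fails closed if the server does not offer it.
    """
    if port == 25:
        # Relay port: blocked on cloud egress and not meant for client submission.
        raise InsecureTransport("use 587 or 465 for submission, not port 25")
    if implicit_tls is None:
        implicit_tls = (port == 465)
    # An explicit default context guarantees certificate-chain and host-name
    # verification instead of relying on whatever the library falls back to.
    context = ssl.create_default_context()
    if implicit_tls:
        client = smtplib.SMTP_SSL(host, port, local_hostname=ehlo_name,
                                  timeout=timeout, context=context)
    else:
        client = smtplib.SMTP(host, port, local_hostname=ehlo_name,
                              timeout=timeout)
    with client:
        if not implicit_tls:
            client.ehlo()
            if not client.has_extn("starttls"):
                # STARTTLS missing or stripped in transit: stop before AUTH so
                # the password never crosses the network in clear text.
                raise InsecureTransport("server did not offer STARTTLS")
            client.starttls(context=context)
            client.ehlo()  # re-read capabilities over the encrypted channel
        client.login(user, password)
        # Returns a dict of refused recipients; empty means all were accepted.
        return client.send_message(msg)
```

A certificate that fails verification raises `ssl.SSLCertVerificationError` from the same call, so a misconfigured or intercepted endpoint also stops the send before `login`.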


Conclusion

Blocking port 25 is a necessary step for cloud providers to enhance security and prevent abuse. While it may inconvenience some users, secure alternatives like ports 587 and 465, or third-party email services, offer reliable and scalable solutions. By adopting these practices, users can ensure secure and compliant email delivery in the cloud.

In Excloud, port 25 is open inside your private subnet, so you can do SMTP testing within your subnet, but we block port 25 from egressing to the internet.

Go ahead and create your first free instance using this guide to test your SMTP server.