Is this Comcast/Xfinity security warning not to use "port 25" legit or a phish of some kind?

[astro]

I received this email today. Is it legit or an attempted phish?

Dear Valued XFINITY® Internet Customer,

We care about your email security when using our network. On August 1, Comcast announced that for security reasons we will no longer support the use of port 25 for sending email from programs like Outlook or Apple Mail. It appears that one or more computers connected to your Internet account are using port 25 to send email. A port is a connection through which information flows from a program on your computer, from another computer in a network, or to your computer from the Internet, Port 25 is an unsecured port, and it is increasingly used to send spam emails through malicious computer programs called malware. These spam emails are usually sent by computers that have been infected by viruses, and as a result, most users are unaware that their computers are sending spam. By no longer supporting port 25 to send e-mail, this will help prevent your computer from sending spam without your knowledge.

What You Need To Do:

We are asking you and other impacted customers to change your email program settings to port 465, which provides more security. You will be unable to send email over port 25 once it is disabled, and you will need to update your settings to port 465 in order to continue to send email. Please click the link below for your current email software and follow the step-by-step instructions to change your settings.
• Outlook Express
• Outlook 2003
• Outlook 2007
• Outlook 2010
• Windows Mail
• Mail (Apple OS X)

Don’t see your email software? Simply locate the preferences for your mail account in the software you currently use, and input the following settings:
• Outgoing (SMTP) Mail Server: smtp.comcast.net
• Outbound Mail Server Port: 465
• Requires Authentication? Yes
• Username: Your Comcast.net user name (the first part of your Comcast.net email address)
• Password: Your Comcast password

Prefer professional tech support? A highly trained, Tech Expert can remotely change your settings to secure your email. To find out about one-time service and fixes, visit xfinity.com/SignatureSupport.

If you use another email provider, please contact your provider for its recommended port settings. Most email providers offer an alternative to port 25 for sending email.

If you have additional questions please visit our Help and Support site or our Customer Forums where many questions are discussed and answered by the Comcast community.

Thank you for being a Comcast customer.

Sincerely,
Comcast Customer Security Assurance

[FoundWaldo]

I see nothing in that that makes me question its legitimacy.

[astro]

FoundWaldo:

I see nothing in that that makes me question its legitimacy.

Thanks will go ahead and make port change.

[si_blakely]

And I will add - about time. ISPs should have been blocking port 25 (outgoing SMTP) traffic for years.

Glad to see that this is finally happening.

[Deeg]

I have Comcast/Xfinity and I didn’t receive this email. If I’m understanding the email correctly (always a dicey proposition) I have three thoughts:

1. It’s a scam. (Unlikely)

• or -

2. They’re shutting down your access to port 25 because they detected spam coming from your PC. If this is true you might want to run some malware detectors to see if you accidentally picked up a trojan.

• or -

3. Dang you send a lot of email! =P

[Duckster]

Deeg:

2. They’re shutting down your access to port 25 because they detected spam coming from your PC. If this is true you might want to run some malware detectors to see if you accidentally picked up a trojan.

This.

Email is used for important communications and Comcast wants to ensure that these communications are both as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.

(Bolding mine.) http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported/

Run a set of malware diagnostics on your computer. Your computer is probably infected.

[control-z]

The OP said they were going to make a port change, so I would assume they were legitimately using port 25.

But yes, overall this seems to be an effort to stop botnets from sending spam from people’s infected computers.

[Daylate]

I got one of those emails yesterday. However, I had changed my outgoing port from 25 to 465 some months ago. Don’t know why Comcast sent me the notice.

[sachertorte]

Side question:

What’s so special about port 25 and port 465? How are they different other than being different numbers?

[Derleth]

sachertorte:

Side question:

What’s so special about port 25 and port 465?

Nothing, except they are (or, in the case of port 465, were) standardized as being the proper ports for SMTP to use. That means mail software that speaks SMTP will default to using those ports.

[Leaper]

Duckster:

Run a set of malware diagnostics on your computer. Your computer is probably infected.

I have a Mac, and I got this e-mail. I was legitimately still using port 25 without realizing it (since I rarely go into that section of Firefox’s preferences).

[DrCube]

Isn’t port 25 for plain text email and port 465 is for secure email?

[gnoitall]

DrCube:

Isn’t port 25 for plain text email and port 465 is for secure email?

Wikipedia article cited above calls it “legacy secure SMTP in violation of specifications.”

Where I come from, willfully violating Internet RFC specifications for a service is serious stuff. No IANA specification calls out using 465/tcp for email of any kind.

Apparently, this assignment (465/tcp to SSL-wrapped email) was in response to something Netscape went off on their own to do in Netscape 3.0 (which, if you recall, had an integrated email client) back in the 90s. 465/tcp was assigned outside of the standards track to this function ages ago, but since has been superceded by using ESMTP authorization and security features over the normal SMTP port 25/tcp. 465/tcp is actually reassigned to something completely different, but apparently no one cares.

Related Wikipedia article:

Wikipedia:

Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS had been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.

So, yeah, Comcast is perpetuating an outdated and deprecated technical solution in defiance of specification guidance because doing the right thing may be too hard to explain to their userbase.

[friedo]

SMTP over SSL on port 465 is enough of a de facto standard that all email clients in current use will support it. And it is usually easier for users to setup than SMTP authorization.

[DrCube]

Well I’m pretty sure my hosting provider, bluehost, offers secure SMTP over the same port. 14 years sounds like a long time to still be doing things the wrong way, just because it was the right way for a year in the 90s. Is there any other example of multiple services ignoring RFCs for so long?

[Carryon]

People have been using email ports for encrypted P2P traffic as well, as ISPs are less likely to block total access to an email port.

[chorpler]

Does this mean Comcast will now prevent its residential customers from being able to connect to port 25 on any other machine over their Internet connection?

[dstarfire]

chorpler:

Does this mean Comcast will now prevent its residential customers from being able to connect to port 25 on any other machine over their Internet connection?

Yes. Port 25 says “this chunk of data (or packet, in technical terms) carries outgoing email”. If traffic on that port is not email, it’s not standards-compliant and they have no obligation to support it (and even a minor one to prevent it).

[Beware_of_Doug]

As one of those lame-o liberal arts types, I immediately suspected the message was not a phish because the English was too good.

Not perfect (“impacted customers” sounds like a reason for Comcast to see an oral surgeon), but better than typical phisher pidgin.

[si_blakely]

dstarfire:

Yes. Port 25 says “this chunk of data (or packet, in technical terms) carries outgoing email”. If traffic on that port is not email, it’s not standards-compliant and they have no obligation to support it (and even a minor one to prevent it).

More to the point, SMTP traffic on port 25 should only be allowed from residential customers to the Comcast mail servers. The Comcast mail server can then authenticate the sender and relay the message. Other Mail servers can then reject all port 25 traffic from Comcast IP addresses that isn’t the known Comcast mail server. People who wish to use a non-Comcast mail server (i.e a work mail server) to relay their mail should be using the authenticated Mail Submission Agent on port 587 (preferably with encryption).
This also means that Comcast users cannot have their computers hijacked to participate in spam email botnets sending emails to other email servers. That traffic will be blocked.