Easy! IT | Security | OP25B

This article is a rough explanation of OP25B.

Everything might be not exactly correct in this article but it’s very useful for beginners to understand IT terms. If you want to learn IT but you don’t have any experience to work in the IT industry, I wish it helps you to understand IT. And I hope this article makes you study IT more.

Let’s start our 3 minutes lesson!

What is OP25B?

OP25B is the abbreviation for Outbound Port 25 Blocking.
The configuration for OP25B is to prohibit using Port 25.
The aim of OP25B is to prevent sending spam emails from inside to outside.

OP25B is for stopping sending spam emails from inside ISP to outside ISP. To prevent spam emails, you should block outbound port 25. If you don’t know “ISP” and “port”, please check the following articles first.

Easy! IT | Network | Port(Computer NW) | Japan Teams

Easy! IT | Network | ISP for Internet service | Japan Teams

1. What is port 25?

I guess some people don’t want to go to the other pages and don’t read those articles as written above. So, I explain “port” shortly.

This “Port” is not “Hardware Port” but “Port in networking”. When you use application services, you need to access servers that provide them. IP addresses show where those servers are. But IP addresses are not good enough to use applications, because servers have many applications and they want to know which one you want to use.

**You can reach the server with an IP address, but you need to tell which service you want to use.**

Then “Port” helps you! If you tell the server that you want to use the mail service, then the server can listen and open the mail service for you.

**The server can show you which room provides the service you want.**

And this window stream is called “Port”. And IANA(Internet Assigned Numbers Authority) manages ports with numbers, and they divide ports into three categories. Well-known ports, Registered ports, Dynamic or private ports. If people use different numbers for the same service, that definitely causes chaos. So the ports of services which many people often use have fixed numbers not to make people confused, that’s the well-known ports numbers(1-1023). And,

Port 25 is used for an email service.

**When you use the well-known port numbers, you don’t have to tell the service name.**

2. Why do you need to block port 25?

When you send emails, emails are delivered to SMTP servers. Yes, SMTP servers used to open the window whose number was 25. But it’s very risky because people know that everyone can connect to SMTP servers with port 25.

**SMTP servers work for delivering emails.**

If cyberattackers think that they use this port 25 for their attacks, is that possible? Yes, because port 25 is open for everyone and they know that port is for an email service.

**Everyone can use port 25 and some people don’t use services properly…**

If SMTP servers open port 25 for email services, they receive not only proper emails but also spam emails. If users who send spam emails via SMTP servers which ISP provides, ISP can stop providing the email service to them or unregister them, anyway ISP can control their activities. But ISP can’t find that users send spam mails via servers which they don’t provide.

**ISP can control only users who use ISP’s servers.**

So ISP decides to block all network traffics with port 25. But this traffic is only trying to go outside.

This is OP25B, OutBound Port 25 Blocking.

3. How do we send emails without port 25?

How can I send emails to outside ISP when port 25 is blocked?

Instead of port 25, ISP prepares port 587.

I think you wonder the same problem could happen to port 587. No it will not. Because port 587 requires users to pass authentication. Sometimes, they use port 465 as well. You need SMTP authentication to use Port 587 requires. When ISP uses port 465, they use SMTP over SSL/TLS.

These two ports are called “submission port”.

**PORT 587 requires SMTP authentication when users try to send emails.**

4. Block only outbound traffic?

If attackers send spam emails to users who use the same server provided by the same ISP, can they send spam emails?

Yes, they can if only OP25B is available.

There is another security for inbound traffic, IP25B. I’ll explain IP25B in another article.

I hope you understand the rough concept of OP25B at least. Unfortunately, there are not many information about OP25B in English. Please check the following pages with google translate if you want to know more details.