A connection has two port numbers
by seaturnip
... one for each computer involved in the connection. Usually, on the server, it's a standard port (25 for email, 80 for http), but on the client the port used is arbitrary (often a randomly picked number like 52561). So your claim that "normal Web traffic will arrive at your desktop tagged for Port 80" is wrong. Your desktop will request the web page using port 80 and tell the server to reply on e.g. port 12345, and the traffic will arrive at your desktop tagged for port 12345. It has to work like this, because if your desktop also happened to have a web server running on it, it would be listening on port 80, and two different services cannot use the same port.
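The two-port-number point above can be checked directly. The following is an added example, not code from the thread: it opens a listening socket on the loopback address, connects a client to it, and reports the port numbers each side sees, then tries to bind a second socket to the server's port to show that two listeners cannot share it. Because binding port 80 needs privileges, the server takes an OS-assigned port (an assumption of this example); the client's port is always chosen by the OS, exactly as the post describes.

```python
import errno
import socket


def demo_two_port_numbers(server_port=0):
    """Open a local TCP server, connect a client, and report the port
    numbers at both ends of the resulting connection.

    server_port=0 lets the OS pick a free port (assumption of this example,
    since binding a standard port such as 80 needs root).  The client never
    asks for a port at all: the OS assigns an ephemeral one on connect().
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", server_port))
    srv.listen(1)
    server_port = srv.getsockname()[1]          # the "well-known" side

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(("127.0.0.1", server_port))     # OS picks the client port
    conn, peer = srv.accept()                   # peer == (ip, client_port)

    info = {
        "server_port": server_port,
        "client_port": cli.getsockname()[1],
        # what each end believes the *other* end's port to be
        "server_sees_peer_port": peer[1],
        "client_sees_peer_port": cli.getpeername()[1],
    }

    # A second socket trying to listen on the server's port is refused:
    # one port, one listener.  (EADDRINUSE on Linux and BSD-derived stacks.)
    dup = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        dup.bind(("127.0.0.1", server_port))
        info["second_bind_refused"] = False
    except OSError as exc:
        info["second_bind_refused"] = exc.errno == errno.EADDRINUSE
    finally:
        dup.close()

    conn.close()
    cli.close()
    srv.close()
    return info


if __name__ == "__main__":
    for key, value in demo_two_port_numbers().items():
        print(f"{key:>24}: {value}")
```

Run it a few times and the client port changes on every run while the server port stays fixed for the life of the listener; the server's view of the peer port equals the client's own port, and the client's view of the peer port equals the server's port. That is the pair of numbers a firewall or packet capture would show for the connection.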
Re: A connection has two port numbers
by racerx

Exactly the point I was going to make. The *server* uses port 25 for SMTP mail (and port 80 for web traffic, i.e. HTTP). The client will use some random port (typically higher than 1024) for the connection.

Blocking client outbound connections on port 25 is a decent step for reducing spam, despite the few folks who would like to legitimately run their own mail server. The pros vastly outweigh the cons.

Even better is implementing SMTP auth instead of plain SMTP. Instead of using port 25, it typically uses port 587, and (this is the important part) it *requires* authentication to send mail. All the major e-mail clients support SMTP auth now, and most of the mail servers. If all mail servers required authentication, it would be much easier to identify and shut down offenders and infected hosts.

Re: A connection has two port numbers
by seaturnip
I'd also add that describing port 25 as a "virtual pathway" is misleading. Port numbers have nothing to do with routes. They're just numeric tags indicating to the endpoint hosts which service a packet is to be directed to, and most routers ignore them.
Re: A connection has two port numbers
by FirstInLastOut

Anyone else find this paragraph to be self-contradictory?

"Blocking traffic out of Port 25 from computers not recognized as designated mail servers does, however, have the potential to block legitimate traffic as well. Small businesses that don't have the resources to maintain a designated mail server may send out e-mail in the same way an infected computer does."

If they are requiring that you use the ISP's server, then the small business doesn't need to set up its own server. If they don't require you to use the ISP's server, then the small business doesn't need to set up its own dedicated server either (each computer can be its own SMTP server).

Either way, this paragraph makes no sense because in no scenario would it require a small business to set up its own dedicated server.

Re: A connection has two port numbers
by racerx
seaturnip:
I'd also add that describing port 25 as a "virtual pathway" is misleading. Port numbers have nothing to do with routes. They're just numeric tags indicating to the endpoint hosts which service a packet is to be directed to, and most routers ignore them.

While that's true, the "virtual pathway" analogy is a useful one that helps people visualize how TCP/IP connections work. It's a pervasive analogy used in all the learning materials. The same thing could be said about VPNs.


Re: A connection has two port numbers
by FirstInLastOut
racerx:
seaturnip:
I'd also add that describing port 25 as a "virtual pathway" is misleading. Port numbers have nothing to do with routes. They're just numeric tags indicating to the endpoint hosts which service a packet is to be directed to, and most routers ignore them.

While that's true, the "virtual pathway" analogy is a useful one that helps people visualize how TCP/IP connections work. It's a pervasive analogy used in all the learning materials. The same thing could be said about VPNs.


Actually I would say that that is definitively NOT true (that most routers ignore port numbers). You have never heard of port forwarding? How about network address translation? Most "routers" also contain internal firewalls which pay strict attention to port numbers as well. That's 3 obvious counter-examples to your claim.
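The three counter-examples in the post above (port forwarding, NAT, and a port-aware firewall) all operate on exactly the port numbers that the endpoint-host view says routers ignore. The following is an added example, not code from the thread or from any real router: a toy port-address-translation router in Python that rewrites the source port of outbound packets, maps replies back by the translated port, honours a static port-forward rule, and applies the thread's port 25 egress block with an exemption for a designated mail host. All addresses, ports and host names are constructed for the example.

```python
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Toy PAT router: many private hosts share one public IP.

    Dynamic mappings are 'restricted cone': a reply is only let back in if
    it comes from the address and port the inside host originally talked to.
    Static port forwards accept any source.  Example code, not a real stack.
    """

    def __init__(self, public_ip, first_public_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_public_port)
        self.outbound = {}        # (src_ip, src_port, dst_ip, dst_port) -> pub_port
        self.inbound = {}         # pub_port -> (src_ip, src_port, dst_ip, dst_port)
        self.forwards = {}        # pub_port -> (inside_ip, inside_port)
        self.blocked_dst_ports = {}   # dst_port -> set of exempt inside IPs

    def add_port_forward(self, public_port, inside_ip, inside_port):
        self.forwards[public_port] = (inside_ip, inside_port)

    def block_egress(self, dst_port, exempt=()):
        """Firewall rule keyed purely on the destination port number."""
        self.blocked_dst_ports[dst_port] = set(exempt)

    def outbound_packet(self, pkt):
        """Inside -> outside.  Returns the rewritten packet, or None if dropped."""
        exempt = self.blocked_dst_ports.get(pkt.dst_port)
        if exempt is not None and pkt.src_ip not in exempt:
            return None                              # egress block, e.g. port 25
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.outbound.get(key)
        if pub_port is None:                         # new flow: allocate a port
            pub_port = next(self._ports)
            self.outbound[key] = pub_port
            self.inbound[pub_port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound_packet(self, pkt):
        """Outside -> inside.  Returns the rewritten packet, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        if pkt.dst_port in self.forwards:             # static port forward
            inside_ip, inside_port = self.forwards[pkt.dst_port]
            return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)
        flow = self.inbound.get(pkt.dst_port)
        if flow is None:
            return None                              # no mapping: unsolicited
        src_ip, src_port, dst_ip, dst_port = flow
        if (pkt.src_ip, pkt.src_port) != (dst_ip, dst_port):
            return None                              # reply from the wrong peer
        return replace(pkt, dst_ip=src_ip, dst_port=src_port)


def demo_router():
    """Drive the router with constructed traffic and collect the outcomes."""
    r = NatRouter("203.0.113.7")
    r.add_port_forward(8080, "192.168.1.10", 80)        # inside web server
    r.block_egress(25, exempt={"192.168.1.25"})         # only the mail host may use 25

    # Two inside hosts happen to pick the same client port 52561; PAT keeps
    # them apart by giving each flow its own public port.
    a = r.outbound_packet(Packet("192.168.1.10", 52561, "198.51.100.5", 80))
    b = r.outbound_packet(Packet("192.168.1.11", 52561, "198.51.100.5", 80))
    reply_a = r.inbound_packet(Packet("198.51.100.5", 80, "203.0.113.7", a.src_port))
    reply_b = r.inbound_packet(Packet("198.51.100.5", 80, "203.0.113.7", b.src_port))

    return {
        "a_public_port": a.src_port,
        "b_public_port": b.src_port,
        "reply_a_inside": (reply_a.dst_ip, reply_a.dst_port),
        "reply_b_inside": (reply_b.dst_ip, reply_b.dst_port),
        # port 25 egress: infected desktop dropped, designated mail host allowed
        "spam_dropped": r.outbound_packet(Packet("192.168.1.11", 41000, "198.51.100.9", 25)) is None,
        "mail_allowed": r.outbound_packet(Packet("192.168.1.25", 41000, "198.51.100.9", 25)) is not None,
        # port forward: any outside source reaching public 8080 lands on 192.168.1.10:80
        "forward_inside": (lambda p: (p.dst_ip, p.dst_port))(
            r.inbound_packet(Packet("198.51.100.77", 33333, "203.0.113.7", 8080))),
        # an unrelated host probing a mapped port is dropped (wrong peer)
        "probe_dropped": r.inbound_packet(Packet("198.51.100.77", 33333, "203.0.113.7", a.src_port)) is None,
    }


if __name__ == "__main__":
    for key, value in demo_router().items():
        print(f"{key:>16}: {value}")
```

Every decision the router makes here, allocating a public port, matching a reply, applying the forward, dropping the outbound port 25 attempt, is keyed on a port number, which is the practical content of the post above. The restricted-cone check on replies is the part a pentester probes when testing whether a NAT device lets unsolicited inbound traffic through a previously opened mapping.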
