Summary: This week Comcast Xfinity sent out an email warning about outgoing email issues relating to email clients still set to use port 25. Due to spambot abuse, Comcast has been gradually blocking this port over the past 3 months and this belated warning email indicates to me that they’ve had a lot of upset/confused customers experiencing sudden, seemingly unexplainable issues with sending email. Today we talk about why Comcast is making this change and show you how you can proactively adapt instead of panicking when suddenly your email stops working. Scroll to the bottom of this post for instructions on adjusting settings in your specific email client (Outlook, Windows mail, etc.) as well as specific instructions for Vermont Design Works clients.
Please tell us in the comments whether or not these instructions were helpful to you or if you have further questions.
*UPDATED 3-4-13 – Scroll for Simplified Instructions and Screenshots*
Comcast Xfinity to Block Port 25
As part of a lengthy and technical blog post about internet security on August 1 of this year, Comcast Voices mentioned that they’d be phasing out support for Port 25 as an option for customers’ outgoing email server (SMTP). The post, which few people likely ever saw, didn’t exactly convey a sense of urgency, but did link to another post written the same day, explaining specifically why Comcast Xfinity would soon be blocking of Port 25 (emphasis mine):
Over the past few years, Comcast has managed port 25 by selectively blocking its use in response to spam complaints. This made sense when spam was often sent by an end-user clicking a “send” button. But in this age of bot networks, malware is now responsible for sending the most spam and users are unaware that spam is being sent by their computer.
As a result, we are updating our management of port 25. In order to ensure a more secure network and email domain, Comcast will no longer by default allow access to port 25 for our residential Internet users. In addition, we are asking comcast.net email users to migrate to port 465, which offers SSL encryption. We will continue to support the industry standard port 587. Upon request to our Customer Security Assurance team this block can be removed, enabling access to use port 25 for other email domains, though the comcast.net email servers will no longer accept submission via port 25. These changes will occur gradually across our network beginning today.
Translation: Spambots take advantage of Port 25’s vulnerabilities and use it to send spam from user’s computers. For that reason, Comcast will soon block this outgoing email port for users that use an email client on their computers (rather than webmail), such as MS Outlook, Mozilla Thunderbird, etc. Many ISPs have blocked this port for some time, but it’s a new change for Comcast Xfinity users. It’s important note that this change has the potential to affect any Comcast Xfinity internet customers who use email software on their computer. While it’s probably a good idea to change your outgoing port settings to 465 or 587, as Comcast advised above, they do state that for non @comcast.net email accounts, they will unblock port 25 upon request. We would however just advise that you change your port settings to make things easier. *UPDATE – Many Comcast subscribers have found that 465 (Comcast’s recommended port) isn’t working, but 587 is*
To further bolster their case, Xfinity adds the following:
There are number of other influential bodies that recommend against the use of port 25.The Federal Trade Commission (FTC), an organization that has taken legal action against many spammers, also recommends that port 25 is blocked by ISPs. The recommendation is as follows: “block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.”
Comcast Xfinity Sends Out Email Warning
As I mentioned, those blog posts were from August 1 – So why are we just bringing this up now? Because for whatever reason, one of our employees just received an email notification about this change at their personal account yesterday. (I mention “personal account” to differentiate from Comcast Business Class, which is our ISP here in the office, and as Comcast stated in the excerpts above, the change is just supposed to impact “residential Internet users”). The one caveat I think users should be aware of here is that some offices probably use “residential” Comcast Xfinity internet service, so you may not be immune to the change just by virtue of the fact that you’re in a commercial setting.
Comcast Outgoing Email Problems?
Have you already experienced outgoing email problems? That wouldn’t be surprising given that despite this email only coming out yesterday, they did announce on their blog (which I’d be willing to bet is very rarely read) that they would start rolling out the change more than 3 months ago. But don’t feel bad if you hadn’t heard and were suddenly unable to send email – you’re not alone.
We’ve actually had a handful of clients call in after experiencing this issue, although in most cases the problem had more to do with people moving from Comcast (and using Port 25) to another ISP that already blocked Port 25. Just a few months ago, an ISP change like this would cause outgoing email issues, but this move by Comcast Xfinity seems geared toward following industry best practices and blocking the port that most others already block. It’s important to note, however, that not all ISPs are blocking and some specifically request that you use 25, as you can see in Fairpoint’s Thunderbird email setup instructions. Just some things worth being aware of in case you plan to move to/from Comcast soon, or even if you’re just an existing customer who uses old port settings.
Vermont Design Works Client Email Settings
If you’re a VDW client, the most important take-away comes in the line about who this impacts. From the second paragraph of the first excerpt above – “comcast.net email users”. If you’re one of our clients, you’ve most likely been set up with email addresses that end in @yourdomain.com. If this is the case and we host your email, we specifically recommend changing your outgoing port to 587 and unchecking the SSL box in your email program’s settings. Comcast’s recommendation of 465 is specifically for @comcast.net email accounts.
How to Fix Comcast Outgoing Mail Server Port Problems
If you’re already experiencing issues with outgoing mail, Comcast provided some helpful links in yesterday’s email for configuring outgoing port settings for various email clients, but remember they are recommending port 465 which still isn’t working for many people, so you should use 587 when you get to that step:
Email Program Users (Outlook Express, Outlook, MacMail, etc.):
If you use an email program, this action will disable your program’s ability to send email until you change your email program settings to send email on port
465587. (*Again, despite Comcast’s official recommendation to use 465, it still doesn’t work for many users*)
To protect your email security, click on the link for your current email software, then follow the step-by-step instructions to change your settings.
Don’t see your email software? Then locate the preferences for your mail account in the software you use and provide the settings listed on this page.
If you’re a Comcast Xfinity internet customer, please let us know in the comments below whether you’ve experienced any outgoing server issues in recent months.
*UPDATES 3-4-13 – Use Outgoing Port 587*
I’ve made note of this is several sections in this post, but I thought this update deserved it’s own dedicated section, given the mess Comcast Xfinity has made. Apparently Comcast is still rolling out the blocking of Port 25, so many people are just now experiencing email issues. Unfortunately for many users the problem isn’t solved even if they follow the recommendations to change their outgoing port to 465. We’ve heard from a lot of people who’ve had this issue and the real solution in most cases has been to change the outgoing port setting to 587 and checking the box for “My outgoing server (SMTP) requires authentication” within your email account settings. See the screenshots below:
Comcast’s *helpful* links above will help you navigate to your account settings if you haven’t already gotten that far, but once you’re there, the settings above are the key. I personally experienced the 587 works/465 doesn’t issue myself this weekend, as my parents suddenly couldn’t send mail. I tried 465 on both of their computers to no avail, but they were back in business as soon as I tried 587.
*UPDATE 3-11-13 – Set Up SMTP Manually for Non-Comcast.Net POP3 Email Addresses*
Is Comcast your ISP, but not your email provider? Carl in the comments section offers the following tips for these situations:
Just noticed this today. Outgoing Emails for the last two days were hung up in my Outlook 2010 outbox.
I use another service in Outlook for incoming POP3 mail. I don’t use a comcast.net account for that purpose. I think many comcast customers do the same.
So the instructions on Comcast’s website and in your screenshots are incorrect for users with non-Comcast pop3 accounts. I that’s the case, you do NOT want to check: “Confirm that Use same settings as my incoming mail server is selected.” Instead, configure the smtp account separately.
Basically Carl is saying that you’ll want to set up your outgoing server manually, rather than selecting “Use same settings as my incoming mail server”. The interesting this is, as a Gmail user (personally at home) my incoming server isn’t Comcast either – incoming is pop.gmail.com, outgoing is smtp.gmail.com. So I still wouldn’t think that I’d need to change more than the port number, but Carl’s suggestion is certainly worth trying if you’re still stuck.
Alternative Simplified Instructions for Non-Comcast.net Users
In the comments Minda offers the following directions that helped her. Give these a shot if you’ve tried everything else and you’re still stuck:
THANKS TO ALL,
A light finally went on after reading Kara’s email…
FOR NON comcast.net users:
1. In Internet Email Settings – Change the outgoing email (SMTP) to smtp.comcast.net
2. In More Settings/Outgoing Server – check the box “My outgoing server requires…” AND choose “Log on using” the username and password you use to log onto the comcast.net website. Check Remember password. This username and password is different than the one I used on the Internet Email Settings page.
3. Under the Advanced tab, use 110 for the incoming box and 587 for the outgoing box. You might have to try both ways as to whether your server requires encryption.