breaking the internet


On the internet, network services are commonly defined by the port they use. For example, when you are on a website, you're typically connected to port 80 of the remote computer, but your browser does this transparently for you. If you're sending email, you're connected to port 25 of your mail server. Ports are important to know about for network debugging as well as security. For more information, see the hackepedia page on ports.

When I moved to Victoria several years ago, I quickly realized that competition for broadband is non-existent here in British Columbia; you use Telus for DSL (limited to ~7Mbps) or Shaw for cable (can go as high as 100Mbps currently). As I work from home, and am a techy, I opted for the Shaw route. All other broadband providers I'm aware of in Victoria are just resellers of these two. I was quickly surprised to learn that Shaw blocks port 25 inbound; this was no good, as I own my own mail server and don't want to be forced to provide Shaw with access to all of my emails so they can read and/or log them forever.

When I called to enquire, they told me that to get a static IP and port 25 unblocked (required to run my own mail server) I would instead have to pay a premium of ~$90/month for a 15Mbps connection that does this. I had no choice, they are the monopoly of cable broadband in the region. This is an incredible tax for the privilege of not allowing Shaw to log and read my emails.

I should note that in the last 5 years, there was exponentially more spam sent out from Shaw's official email server than from mine (none).

Several years later, I now have a second location in Victoria, and so I set up a residential 15Mbps connection, where I pay $30/month for the next 6 months. I quickly realized that port 25 is blocked, as I can't even connect to my other Shaw internet connection!? I'm paying for two connections, and can't have one use the other?

This made me think, they've only implemented port 25 blocking for two possible reasons:

  1. Shaw insists you use their mail servers, why? Are they reading our emails? How long are they logging them for? Who in their organization has access to them?
  2. They enjoy charging a tax to technically savvy users that don't want to give Shaw access to all of their private emails.

I decided to ask them on twitter:

@shawhelp I pay $30/m for 15M internet at one house, and $90/m at another so I can use port 25. Why the $60 tax to send email?
@cqwww Port 25 blocks have been in place for quite awhile now. Only affects you if you aren't using #shaw servers (J36)
@shawhelp But you allow me to send email for an extra $60/month from my shaw acct; I doubt $60/month is an effective way to stop spammers?
They've also since DM'd me: Curious, would there be any reason you can't change the outgoing port to something other than 25? -F52
As you can see, I've responded in public:
@shawhelp Why would I change the standard port number (25)? I'm trying to run a mail server that works. Changing it breaks things.

As you can see, they're suggesting they block port 25 to block spammers, but are they really arguing that a spammer wouldn't pay the $60/month premium/tax to do so? That seems like a really silly argument, and if you're willing to pay this premium, they will unblock port 25. They suggest I can change the port, but that effectively breaks the internet. If you and I are friends, and I say you can have an account on my private email server, would you like having to figure out where in your mail program's advanced settings you change the port number just for emails going to my mail server? That is a huge inconvenience. It's like requiring your clients to knock at the side door of your business with a special knock instead of just walking in the front; it's not something one should be required to ask of their friends, or clients.

I should also note this is not a bizarre request I am making. When living in Ontario, I was using Teksavvy which doesn't block any internet ports. This is standard in any competitive internet landscape, not something we have here in BC. I will suggest that as a result, Shaw is false advertising; they are not offering "internet service", but they are offering "limited network access". They are effectively breaking probably the second biggest part of the internet next to web surfing: email.

My friend Kevin also enquired on twitter, as he was writing an anti-phishing tool, and Shaw replied:

Port 25 is reserved for Shaw SMTP server on our network. Using a 3rd party SMTP you will need a different port number. -L81

This is interesting, as Shaw has decided they will block port 25 from everyone but themselves! Again, the suggestion is to use a different port number, which they themselves do not do, as they know this breaks the internet. This is an obvious case of unfairness.

I have since found a company in Vancouver that will give me a piece of a server, called a virtual private server (VPS), for only $12/month, with no ports blocked. As I figure this negotiation with Shaw will take some time, I've decided to set up a VPS with the provider in Vancouver, and I will run my email through them. Having just set that machine up and being ready to test, I ran into some issues, only to discover that Shaw blocks outgoing port 25 as well, not just inbound! This means that as a Shaw ISP user, they absolutely require you use their mail server, instead of any other email server in the world?! This is clearly unacceptable.
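A way to tell a port-specific block from a mail server that is simply down, as an added example that is not part of the original post: the probe classifies a TCP port as open, refused or filtered and reads the SMTP greeting. The names `probe`, `diagnose` and `start_banner_server` and the host `mail.example.test` are illustrative assumptions, and the loopback server is a constructed stand-in so the block runs offline.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Classify one TCP port as open / refused / filtered and grab any banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""          # connected, but the server stayed silent
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""         # a RST came back: host or a middlebox rejected it
    except socket.timeout:
        return "filtered", ""        # SYN silently dropped: typical of a port block
    except OSError as exc:
        return "error", str(exc)

def diagnose(states):
    """Interpret {port: state} for one mail host, seen from one vantage point."""
    p25, p587 = states.get(25), states.get(587)
    if p25 == "open":
        return "port 25 reachable from here"
    if p587 == "open":
        return "port 25 blocked on this path, 587 still works (port-specific block)"
    return "inconclusive: host down or fully firewalled, retry from another network"

def start_banner_server(banner=b"220 mail.example.test ESMTP (constructed)\r\n"):
    """Constructed loopback stand-in for a mail server so the demo runs offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_banner_server()
    print(probe("127.0.0.1", port))  # probe the loopback stand-in
    # Against a mail server you run, probe ports 25 and 587 and interpret both:
    # states = {p: probe("mail.example.test", p)[0] for p in (25, 587)}
    # print(diagnose(states))
```

Running the same probe from two networks (for example the home connection and the VPS) shows which side of the path drops port 25; a single vantage point cannot say who is doing the blocking.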

I'm looking for solutions here to resolve this in the interim. Is there a way in to handle SOCKS proxy (ssh -D) without it being system-wide? Or even better, can I set up SOCKS proxy in just for one account (my VPS account), so that I can still also check my email (Shaw requires you're connected to their network to check your emails?!).

A few questions to Shaw:

  • Is it fair you charge a tax for the premium of running a mail server? I don't want you to read my emails, and I provably send out less spam than you do!
  • Is it fair you allow port 25 for yourself and not others?

In the long term, who is ensuring ISPs in Canada are competitive and secure? I'd love to speak with them.
