This is another thread that while started as mildly operational ended up as usual discussion on spam filtering, which is not on-topic. I'll make a brief summary: a) statement of original problem by Owen: Is blocking or proxying ports 25/587 appropriate for NSPs? A few responses were pointing out that everything is fair as far as port 25, but port 587 should be unmolested. In the alternative, suggestion made to use port 465 (the ssl equivalent of port 587). Some pointed out that the filtering is a trend that everything except port 80 and 443 are blocked. b) Discussion diverted very quickly to DKIM, SPF, SenderID, Challenge-Response, statistics of mail filtering, blocklists, etc. I'd like to remind everyone what is and what isn't on-topic here: Spam filtering, in general, is *not* on-topic. Spam as a threat to network operations is on-topic. Control of outbound spam our users send is on-topic to a certain point - like, the original post, whether ports 25 or 587 can be blocked or proxied. End-user discussion on spam filtering is *definitely* off-topic. Let me reiterate: If you do not have a perspective of network operator, it is not likely that you can contribute to the discussion in a meaningful way. Note, in this case, 'enterprise' mail filtering is still end user, as far as network operators are concerned. Another example: If you can see your post being a slide of a presentation at NANOG, then it is on-topic. If not, it isn't. While we can all agree that network operations must include certain amount of dealing with spam, same can be said about janitorial services. Just because we have to deal with it, doesn't mean it is on-topic here. If you would like to continue discussing state-of-art for mail filtering, there are better lists to discuss it (like MAAWG and many others). In the light of above, please constrain the discussion to the network operator's view of spam filtering. As usual, if you would like to discuss this post, please do so on nanog-futures. -alex [mlc chair]