Why does Sonic.net restrict incoming port 25?

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
13 posts Page 1 of 2
by dancingsnails » Mon Jun 03, 2024 12:27 pm
I run an email server locally (I'm currently on Monkeybrains.) I'm using Amazon SES for outgoing email, which is cheap and works well. I can forward incoming port 25 over WireGuard from a droplet I run on DigitalOcean if I need to. My worry is that I'd be doing something Sonic doesn't want me to and maybe they'd add more restrictions later. So it would help if I could understand what they're guarding against by restricting incoming port 25.
I understand why someone would want to block outgoing port 25. Forcing people to funnel outgoing email through a relay protects the reputation of Sonic's IP addresses and also protects others from spam. Amazon would quickly shut me down if I were running a badly configured server that relayed spam through backscatter or such. I don't understand why they're restricting incoming port 25 though.
by dane » Mon Jun 03, 2024 12:56 pm
Port 25 (inbound and outbound) is blocked on the Sonic network to reduce spam-related issues. IPs that source or relay spam are blocked or quarantined, which can affect not only you but also other Sonic customers as dynamic IPs are re-allocated.

While it may be tempting to do so due to the ridiculous speeds provided, our residential service network is not intended for hosting servers. We are focused on providing the fastest and most reliable residential connections for typical household uses. If you'd like to host mail, web, or other publicly accessible servers, I suggest a cloud-based or data-center hosting solution.
Dane Jasper
Sonic
by ngufra » Mon Jun 03, 2024 3:10 pm
I believe Sonic was willing and able to open port 25 on DSL lines with one static IP in the past.
One more side effect of not supporting static IPs on fiber, I guess.
by dancingsnails » Mon Jun 03, 2024 3:15 pm
How much do you not want us to host servers? The services I host locally are low volume and only for personal use. For privacy concerns for instance, I like hosting my email locally. I could see how you might worry about people running public facing services that might swamp bandwidth though. I know Monkeybrains monitors people's bandwidth usage and says they'd warn people if their usage got to levels that seemed too high for personal use. That seems a reasonable approach to me.
by dane » Mon Jun 03, 2024 3:47 pm
dancingsnails wrote: Mon Jun 03, 2024 3:15 pm How much do you not want us to host servers? The services I host locally are low volume and only for personal use. For privacy concerns for instance, I like hosting my email locally. I could see how you might worry about people running public facing services that might swamp bandwidth though. I know Monkeybrains monitors people's bandwidth usage and says they'd warn people if their usage got to levels that seemed too high for personal use. That seems a reasonable approach to me.
We don't want folks hosting publicly accessible servers on Sonic fiber. Primarily because while household consumption can be estimated and averaged, and is roughly limited by your ability to consume (how many TVs will you stream to, plus downloads and other activities, during the peak bandwidth usage time of the day?), when you host, the usage is instead limited only by the REST of the world's interest in what you're offering.

So while a family of six with five 4K TVs might see peak average usage under 100Mbps if absolutely every device is on and all consuming full-scale content, a single Raspberry Pi web server with a single video hosted on it might swamp a gigabit port if that video file is something everyone in the world wants to see.

While we can provide the fastest residential connection in America, its pricing relies upon typical use cases. That pricing is not sustainable if someone is hosting a popular website, sharing with neighbors, feeding a wireless ISP, acting as a Tor exit node, etc. etc. Servers belong in data-centers (aka "the cloud"), for practical network scale as well as economic reasons.
Dane Jasper
Sonic
by ngufra » Tue Jun 04, 2024 9:10 am
So Sonic does not put caps or throttle its members, but they make things difficult on purpose (like not offering static IPs or blocking SMTP) to ensure some scenarios are more difficult to implement?
(I understand that there may be some technical/cost reasons for some things, but sometimes, reading Dane's answer, it really feels like it's an excuse.)

A mail server does not necessarily require more resources than a game or Plex server. Yet one is more difficult to set up than the others.

I understand that if signing up more customers is necessary to stay profitable and in business, static IPs are not a priority.
Then, because static IPs are not supported, allowing port 25 on a select number of endpoints is more difficult.

Don't get me wrong. I still recognize the value proposition that Sonic is offering. Just that it feels it was taking better care of its "power users" in the past.
by kgc » Tue Jun 04, 2024 10:35 am
We've blocked port 25 in/out on dynamic IP customers for more than 20 years. Historically, misconfigured (open relay) mail servers and/or exploited end users on dynamic IPs were the largest source of spam, leading to it being considered BCP for ISPs to do this (I don't think you'll find any large provider that doesn't), as well as various RBLs that specifically list dynamic IP end users.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by egontech » Thu Aug 22, 2024 8:59 am
These restrictions are probably not a bad default, but it should be possible to get the settings changed if someone has legitimate use cases.

I'd like to test some mail software, and the only blocker to having any mail transfer working is an outbound SMTP connection. An incoming connection would be nice too, and I could even live with IP restricted rules that meant you had to have a smarthost on the internet somewhere.

I called tech support, and the answer about unblocking port 25 was just "no", with no real way to support legitimate users.

How can Sonic support SOHO email systems?
by dancingsnails » Sat Aug 24, 2024 2:43 pm
For incoming, I suggest tunneling through wireguard to a vps. You can rent at DigitalOcean for $4 a month. For outbound I've been relaying through Amazon SES. It's cheap and I've found it reliable.
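As an added example that is not part of the thread (and not Sonic's, Amazon's, or any poster's actual configuration): one way to wire up what dancingsnails describes above, with kgc's open-relay point handled on the home side. Every address, interface name, key, the SES region, and the sasl_passwd path are assumptions; the nftables, WireGuard, and Postfix parameter names are the real ones.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values: VPS tunnel address 10.66.0.1,
# home mail server tunnel address 10.66.0.2, VPS public interface eth0, WireGuard
# interface wg0, SES endpoint in us-east-1, placeholder WireGuard keys.
set -eu

VPS_WG_ADDR="10.66.0.1"
HOME_WG_ADDR="10.66.0.2"
WAN_IF="eth0"
WG_IF="wg0"

# VPS side: nftables ruleset that takes inbound TCP/25 on the public interface and
# DNATs it down the tunnel. The SNAT keeps the return path symmetric: without it the
# home MTA would answer the real client directly over the residential link and the
# VPS conntrack entry would never see the reply. Everything else is not forwarded.
nft_ruleset() {
  cat <<EOF
table ip mailfwd {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    iifname "$WAN_IF" tcp dport 25 dnat to $HOME_WG_ADDR:25
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "$WG_IF" ip daddr $HOME_WG_ADDR tcp dport 25 snat to $VPS_WG_ADDR
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    iifname "$WAN_IF" oifname "$WG_IF" ip daddr $HOME_WG_ADDR tcp dport 25 ct state new accept
  }
}
EOF
}

# VPS side: WireGuard interface. Replace the placeholders with output of
# `wg genkey` / `wg pubkey`; AllowedIPs is pinned to the single home peer address.
vps_wg_conf() {
  cat <<EOF
[Interface]
Address = $VPS_WG_ADDR/24
ListenPort = 51820
PrivateKey = <vps-private-key>

[Peer]
PublicKey = <home-mail-server-public-key>
AllowedIPs = $HOME_WG_ADDR/32
EOF
}

# Home side: Postfix main.cf fragment. Because of the SNAT above, every Internet client
# reaches the home MTA with the VPS tunnel address as its source, so the tunnel subnet
# must NOT appear in mynetworks: permit_mynetworks would then let the whole world relay,
# which is exactly the open-relay misconfiguration that got port 25 blocked in the first
# place. Outbound goes to SES on 587 with SASL over mandatory TLS.
home_postfix_conf() {
  cat <<EOF
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

relayhost = [email-smtp.us-east-1.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
}

# Run on the VPS as root once wg0 is up (e.g. `wg-quick up wg0` with vps_wg_conf saved
# as /etc/wireguard/wg0.conf).
apply_vps() {
  sysctl -w net.ipv4.ip_forward=1
  nft_ruleset | nft -f -
}
```

The trade-off of the NAT approach is that the home MTA loses the real client address, so any per-client controls there (DNSBL lookups on the connecting IP, per-client rate limits, `reject_unknown_client_hostname`) are evaluated against 10.66.0.1 and become meaningless; put those checks on the VPS, or replace the NAT with a TCP proxy that speaks the PROXY protocol and set `smtpd_upstream_proxy_protocol = haproxy` on the home Postfix so it sees the original source. Verify the relay restriction from outside with an SMTP session that sends `MAIL FROM` and a `RCPT TO` for a domain you do not host; the only acceptable answer is a 5xx relay denial.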
by daniel15 » Fri Sep 06, 2024 10:02 pm
kgc wrote: Tue Jun 04, 2024 10:35 am We've blocked port 25 in/out on dynamic IP customers for over more than 20 years.
I agree with blocking port 25 by default, but it goes against your Net Neutrality page which states:
Sonic does not engage in any practice to block or rate-control specific protocols or protocol ports
You might want to amend that page to list SMTP as an exception.