---

jasonamd wrote:

I guess I just can't believe they treat customers like this.  And I still can't believe that when I was asked if there was someone else I could speak to about the issue I was transferred to someone that was going to help me cancel my account...which I never asked for.

 

To me that says they just want to get rid of me as a customer...which I think they have now done.  Not because they blocked the port...but because they won't tell me why they blocked and then transferred me to someone to cancel my account when I never asked for that.

 

Not only that...they need to update their online help if the ban is permanent.  All the online help talks about a 24 hour cooling off period during which it is blocked.  Two of the three people I talked to on the phone even told me it was only for 24 hours.  Not to mention, no one could tell me how to correctly set up port 587.  They told me to just change the port from 25 to 587 and it would work...and when it didn't they wouldn't help me further.  No one said I needed to turn authentication on....

---

---

cjortega wrote:

You were sending email to a non-comcast smtp server using port 25, so they blocked you.

---

If this wasn't so sad it would be funny

Well, I just got off the phone with tech support.  She took the company line that comcast was not blocking ports.  Then she advises me to change my smtp from 25 to 587.  It did not work so she says I need to reboot the PC.  That's bs.  You don't need to reboot for that change.  But I did any way to appease her.  Still could not send.  So then she says to change to port 465.  Still no go. 

She says she sent me a test email (I already I told her I could receive just fine).  But I did not receive her test!  So I say, "maybe you are blocked too".   I asked her to send herself a test email.  She asks me how can she do that (who is the tech support here?).  So she puts me on hold for a while and comes back with a confirmation number and says someone from comcast will be calling me back.

I spend $100 a month on comcast.  ATT dsl and dishTV is starting to look enticing.  I can understand having a malfunction but I don't like being falsely accused and unfairly punished. 

Yeah....I had to figure that out on my own too.  I had several different people tell me to use port 587 but no one said to enable authentication.

Folks, see this sticky post.  It describes what to do in explicit detail.

I do agree that Comcast's support people are a pretty variable lot.  Some are very good, but others have no business being on a Tech Support line, they are clueless and have no understanding of what they are saying.

Here's a breakdown of what ports Comcast supports for sending email:

• 25 The standard SMTP port.  It requires no authentication or SSL settings (although SSL and TLS are allowed).  It's open the Internet but will only send mail to Comcast customers, or from Comcast customers (based on IP address).  As such it's vulnerable to customers with infected systems and Comcast has begun blocking port 25 at the cable modem level for those it thinks are spamming. "Spamming" here means something pretty ammorphous and Comcast blocks a whole bunch of people of who are clearly not spamming or otherwise infected.  You can't really argue with them though, it's just best to switch to either 465 or 587.
• 465 The standard SMTP port for SSL encrypted connections.  It works the same as port 25, but it requires SSL (but not TLS) and authentication (password, login, or CRAM-MD5).  It's typically used by customers who want a secure conduit to the SMTP server but may be using unsecure networks outside of Comcast (or inside the Comcast area for that matter).  Use of this port is on the decline with the emergence of port 587 as a mail submission port, but it works and many folks still use it. It's also used to get around port 25 blocks on other networks or ISP's, since blanket port 25 blocks are pretty common.
• 587 This is the emerging mail submission port for SMTP.  Authentication is required (password, login, or CRAM-MD5), and TLS (but not not SSL) is optional although I would highly recommend it.  More and more systems across the Internet are converting their SMTP users to 587 for sending email, so changing to this port is a good thing.  This is the port Comcast recommends you use going forward for sending email.

---

Baric wrote:

• 587 This is the emerging mail submission port for SMTP.  Authentication is required (password only), but SSL/TLS is optional although I would highly recommend it.  More and more systems across the Internet are converting their SMTP users to 587 for sending email, so changing to this port is a good thing.  This is the port Comcast recommends you use going forward for sending email.

---

Baric,

I had been using port 465 with Thunderbird using SSL and then tried switching to 587 with SSL and I was getting error messages about Comcast refusing the SMTP connection when I tried to send a message.

I then changed my outgoing settings from SSL to TLS and my send on port 587 worked fine.

JR

Interesting.  I just gave it a try and you're right it fails.  On port 25 it allows plain text, SSL, or STARTTLS, but 587 only supports plaintext and STARTTLS, no SSL.  That's just weird.  I'm pretty sure it used to support regular SSL, but I can't be sure now, it's been too long since I've tried it specifically. I just tried 465 and it supports SSL, but not TLS.  Way to go, Comcast.  Whatever happened to consistency?

And I'm getting indications that CRAM-MD5 authentication is available again on port 25, 465, and 587.

I'll mod the post, just so there's no confusion.  Thanks for the correction, JR.

---

Baric wrote:

Interesting.  I just gave it a try and you're right it fails.  On port 25 it allows plain text, SSL, or STARTTLS, but 587 only supports plaintext and STARTTLS, no SSL.  That's just weird.  I'm pretty sure it used to support regular SSL, but I can't be sure now, it's been too long since I've tried it specifically. I just tried 465 and it supports SSL, but not TLS.  Way to go, Comcast.  Whatever happened to consistency?

 

---

That's not quite right. I've been kind of a voice in the wilderness saying that SSL and TLS just aren't the same thing, but others have been saying that, as a practical matter, it doesn't matter because most clients handle the difference transparently. But, Pegasus doesn't, and here's another one that doesn't. Comcast is actually being consistent. SSL is about the connection itself, it's encrypted immediately upon connecting. Port 465 is the only SMTP port that supports SSL; if port 25 appears to support SSL, it's an artifact of your email client because port 25 just doesn't support SSL. TLS is encryption that is initiated by the STARTTLS ESMTP command, which is supported on ports 25 and 587. Although the difference is transparent with most email clients, TLS and SSL are actually mutually exclusive.

Similarly, POP3 port 110 supports TLS and port 995 supports SSL.

I have access to the email servers of my domain host because I've had my account with them for so long (almost 15 years) that it includes dialup access.  To access their SMTP server the only thing that worked was to use port 25 with STARTTLS, my domain username and password.  It's worked flawlessly for years and since I am a long time Pegasus user, I have both Comcast and domainhost SMTP servers set up and can switch seamlessly between them with a few mouse-clicks.

mady

---

Baric wrote:

25 The standard SMTP port.  It requires no authentication or SSL settings (although SSL and TLS are allowed).  It's open the Internet but will only send mail to Comcast customers, or from Comcast customers (based on IP address). 

 

You can use smtp.comcast.net when connecting from outside of the same way you use it when connecting from inside of Comcast, but you have to authenticate when connecting from the outside. And, you can't do *anything* without authenticating.

 

As such it's vulnerable to customers with infected systems and Comcast has begun blocking port 25 at the cable modem level for those it thinks are spamming.

 

While it's true that blocking port 25, thereby forcing authentication when using the Comcast SMTP servers, is beneficial, the main reason for blocking port 25 is so that spambots running on compromised computers can't reach the recipient servers out on the Internet.

---

steve-baker wrote:

---

Baric wrote:

Interesting.  I just gave it a try and you're right it fails.  On port 25 it allows plain text, SSL, or STARTTLS, but 587 only supports plaintext and STARTTLS, no SSL.  That's just weird.  I'm pretty sure it used to support regular SSL, but I can't be sure now, it's been too long since I've tried it specifically. I just tried 465 and it supports SSL, but not TLS.  Way to go, Comcast.  Whatever happened to consistency?

 

---

That's not quite right. I've been kind of a voice in the wilderness saying that SSL and TLS just aren't the same thing, but others have been saying that, as a practical matter, it doesn't matter because most clients handle the difference transparently. But, Pegasus doesn't, and here's another one that doesn't. Comcast is actually being consistent. SSL is about the connection itself, it's encrypted immediately upon connecting. Port 465 is the only SMTP port that supports SSL; if port 25 appears to support SSL, it's an artifact of your email client because port 25 just doesn't support SSL. TLS is encryption that is initiated by the STARTTLS ESMTP command, which is supported on ports 25 and 587. Although the difference is transparent with most email clients, TLS and SSL are actually mutually exclusive.

 

Similarly, POP3 port 110 supports TLS and port 995 supports SSL.

---

You're confusing the protocol with the way you initiate it. You can either connect to a port that's automatically encrypted (465 and 995), or you can connect to a plain-text port and then send the STARTTLS command to switch to encrypted mode. In either case, the encryption mechanism is the same, and it doesn't matter whether you call it SSL or TLS.

To put it another way, the STARTTLS command can be used to enable SSL. 

---

Barmar wrote:

You're confusing the protocol with the way you initiate it. You can either connect to a port that's automatically encrypted (465 and 995), or you can connect to a plain-text port and then send the STARTTLS command to switch to encrypted mode. In either case, the encryption mechanism is the same, and it doesn't matter whether you call it SSL or TLS.

 

To put it another way, the STARTTLS command can be used to enable SSL. 

---

I'm not confusing things, you are. It *does* matter what you call it. The underlying encryption protocol doesn't matter, what matters is email client behavior. If you call "it" SSL and tell Pegasus (and apparently Thunderbird) to use port 587 *you can't send email*! If you call "it" TLS and tell Pegasus to use port 465 *you can't send email*! Some email clients behave as if SSL and TLS are apples and oranges, *that's* what matters, not the underlying encryption methods. Arguing with me when I say, for example, that ports 25 and 587 don't support SSL is just adding smoke, not light.

I think you're making a mountain out of a molehile here.  Yes, some clients require more specific SSL vs TLS instructions since they don't seemlessly hide these details.  Clients like Eudora, Thunderbird, and Evolution come to mind, as well as Pegasus (which I have never used).  However, the really widely used clients like Outlook Express, Outlook, Windows Mail, and Mac Mail all hide the various versions of SSL and STARTTLS behind a generic "SSL" label, indicating that they all do the same thing, just in slightly varying ways.

Why don't you just put together a post that details exactly how you have to configure each client to use the various ports and SSL settings?  I'm sure users of those client would be grateful.

Geez, I'm beginning to wish that I never had posted what I had to do in Thunderbird to use port 587

JR

Four pages of this... I have had trouble with comcast since it took over Road Runner.  I have been using computers for over 20 years and am no noob when it comes to knowing what to and what not to do.  It took me nearly a week of dealing with the fact that I couldn't send my work .zip files through comcast when just the day before on Road Runner there were no problems.  On top of this... this blocking spam from my computer(s), getting e-mail from someone using the same e-mail address, which I had first, which indicates to me that they are getting sensitive medical e-mails from my work, which could be a serious problem if anyone ever took it too the next level for my work, me, and this company. 

I did all the checking noted at the beginning of this thread for all my computers.  None, nil, zip, nadda, ziltch.  I have some of the best anti-spam, malware, virial, firewall, protections in redundancy out there that is updated daily and computer is scanned dail.  No programs are ever installed on these computers and are set to disallow it for the last two years.  These are work computers.

I realize that things change and there are vicious people and companies out there that are trying to make a buck anbd harm others because they think it is funny or what ever reason they can justify when they look themselves in the mirror in the morning or get to sleep at night with a clear conscious....  BUT...  this is becoming a pure pain in the rear, these continuous problems with comcast that I know are comcast related but keep getting told to do this or that and that it is MY problem or MY issue or MY computers.  Am I looking for a response?  No.  I have wasted enough time on this today and have another 10 hours of work to do on top of the six I have already put in.  Fix it.  We spend way too much money on this to be having these kinds of problems.

Even though you say you aren't looking for a response, you clearly are.

What problems are you trying to resolve?

1) What preoblem(s) led you to this thread in the first place?  

2) Can you now send that zip file?

3) No two people can have the same email address, so that sounds like you either have someones previous address, or they have your old Road Runner address. Since your email address is your name, this isn't too unlikely. Make sure your company and any other contact has your updated email address.

4) Spam isn't generally sent for fun, it's a business, a very big business and it's worth a lot of money to those in it. Just google the liked of Scott Richter and you'll see how many millions he purportedly pulled in per year. More and more though, it's not individuals like him, it's Russian mob that is behind much of the spam.

5) Again, what problems are you trying to solve that bought you here?

You think you have it bad with a PC, we have a iMac and don't experience the security problems that PCs do but we just got blocked. We don't send out hundreds of emails so the volume excuse for blockage isn't an issue and all SPAM and junk mail is automatically flagged and dumped.Macs have much better Firewalls and little to no virus problems, so I can't even beginning to think about what the problem is.

Spent over 3 hours on the phone (mostly waiting and listening to elevator music) trying to get some help and explanation of why we got blocked only to be transfered from one department to another and lost in translation. Not that I expect much help.

Having just received a rate increase and now blocked does make me wonder what Comcast is pulling since they have a cable monoploy in our area and feel free to act anyway they please to the 'little guy'. Either that or they got SPAMmed and aren't willing to admit it and are franticallyscrambling to fix it while deflecting very angry customers.

---

ewe2 wrote:

You think you have it bad with a PC, we have a iMac and don't experience the security problems that PCs do but we just got blocked. We don't send out hundreds of emails so the volume excuse for blockage isn't an issue and all SPAM and junk mail is automatically flagged and dumped.Macs have much better Firewalls and little to no virus problems, so I can't even beginning to think about what the problem is.

 

Spent over 3 hours on the phone (mostly waiting and listening to elevator music) trying to get some help and explanation of why we got blocked only to be transfered from one department to another and lost in translation. Not that I expect much help.

 

Having just received a rate increase and now blocked does make me wonder what Comcast is pulling since they have a cable monoploy in our area and feel free to act anyway they please to the 'little guy'. Either that or they got SPAMmed and aren't willing to admit it and are franticallyscrambling to fix it while deflecting very angry customers.

---

It's most likely that someone from a partner ISP reported a message you'd send as spam which came back to us and we blocked your modem. We have no idea what equipment you have on your network so we have to take the precaution that your systems might be infected and put a block in place.

One thing to check that is often overlooked is your wireless connection. Make sure it's locked down with WPA (WEP can be broken easily now) and your passwords are strong ones. You'd be amazed how many people piggyback off other peoples wireless connections. Another thing to consider, especially with Thanksgiving around the corner, is visitors with their own laptops that you allow on your network. You can't always be sure they are clean and clearly it's difficult to ask someone if you can scan their machine before you allow them to use your connection.

These are some things to think about. In the meantime, just switch to 587 or 465 and you can continue as normal.

I did switch to 587 and within a few moments of doing so got an email from Comcast saying my email upgrade to SmartZone will be complete shortly. I never to an email informing me that my email was being upgraded. Was that a conincidence or was Comcast pulling something to get me to change to 587?

And why didn't I get any proof that my email had been wrongly used before getting blocked? If I'm abusing the systems yes, I should receive 'punishment' of being blocked. But if I don't know then how can I be sure that it's actually Comcast sending me the email notice and not SPAM? And going to those supposed websites for help won't infect my computer? How is it fair that I get blocked for something I didn't do or know about just becasue someone says so without proof?

---

ewe2 wrote:

I did switch to 587 and within a few moments of doing so got an email from Comcast saying my email upgrade to SmartZone will be complete shortly. I never to an email informing me that my email was being upgraded. Was that a conincidence or was Comcast pulling something to get me to change to 587?

 

And why didn't I get any proof that my email had been wrongly used before getting blocked? If I'm abusing the systems yes, I should receive 'punishment' of being blocked. But if I don't know then how can I be sure that it's actually Comcast sending me the email notice and not SPAM? And going to those supposed websites for help won't infect my computer? How is it fair that I get blocked for something I didn't do or know about just becasue someone says so without proof?

 

---

Just to let you know that most major ISP's are blocking port 25 now.   It's just not Comcast.

JR

JR

It sure would have been nice and a lot simplier if Comcast had just said...Switch to 587

Actually, this forum was more helpful that Comcast. What took me 3 hours on the phone and trying all the links they supplied - none of which worked - I found the answer here in about 5 mins.

Don't feel too badly......

"It" happened to me yesterday (11/22).....the dreaded "letter" from Comcast alerting me to the fact that henceforth "my" port 25 was blocked due to a "report of spam" from some e-mail I sent....

Like many others, I called CC and talked to a CSR....he was VERY sympathethic, but steadfast - in that, once port 25 is blocked....that's it....so...a SMTP redirect to port 587....I'd already done this when I talked to the CSR.....he assured me it was more than likely someone either accidently hitting the "Report as Spam" button on a reply I'd sent them.....or some other anomoly....NOT anything I'd done "wrong" or illegal....

End of the day...if 587 works as well a 25....fine by me!

Well, I see Comcast still won't admit Mac users were targeted unfairly by them.

Now I had to set up mail again and of course it won't work.......

Where are the instructions to set up port 587 for a MAC that is CURRENT and not from 6 years ago?   REAL instructions for a CURRENT MAC computer?

Current Mac instructions:

http://forums.comcast.net/comcastsupport/board/message?board.id=8&thread.id=7633

Note that Apple changed one of the settings to be 'Use default ports (25, 465, 587)' in a recent update. Mine is working with that. I was falsely accused of sending spam a while back and changed it as noted in that thread.

Beth - Thanks.   I remembered you from back then when all the Mac users were hit in June or so.   You were one of the few that were helpful.

That said, it's inexcusable for Comcast to continue to post non current instructions on this.  I'm STUNNED to find this unfixed after all these months and complaints.    I'm very leery of companies that aren't Mac friendly since Apple is taking over the world and gaining massive market share percentage with every earnings report.   Such companies that don't get that and treat Mac users as "secondary" or offer less support - I have no faith in as they are clearly not forward thinking.

---

Ldefrenne wrote:

That said, it's inexcusable for Comcast to continue to post non current instructions on this.  I'm STUNNED to find this unfixed after all these months and complaints.    I'm very leery of companies that aren't Mac friendly since Apple is taking over the world and gaining massive market share percentage with every earnings report.   Such companies that don't get that and treat Mac users as "secondary" or offer less support - I have no faith in as they are clearly not forward thinking.

---

I think you are overstating the seriousness of this. The comcast help pages for setting up the Mac are easy to follow and if you haven't updated your MacMail are indeed accurate. Can you state for sure, everyone has updated, everyone is on leopard?

I'll ensure we address the FAQ to offer screenshots of the different settings, but in my experience, anyone who uses a Mac would be able to interpret the change to 587 and we've seen a lot less complaints about subscribers unable to figure this out on the Macintosh forum than we ever see on the general email forum regarding Outlook.

Again, i'll get this addressed, but I don't think it's "innexcusable" and it's certainly not an example you can use to exclaim Comcast treat Mac users as secondary.

Look at it this way, from our perspective, we offer a connection, it's up to you what client (or not) you use but we can only directly support the very most popular clients on our network since that requires training for our CAEs. By far the most used clients on our network are from Microsoft so that is where we must focus our support. However, in order to provide as much help as we can, even indirectly, the help pages do indeed offer FAQs for the most popular clients, but with hundreds of email clients available, again we have to limit the amount we can indirectly help with. Now if the software writers decide to update their software and change it, we'll adjust as necessary but it's not going to be a top priority and again, now you have multiple revisions of a single client you need to track, not just multiple clients. With all the clients available, the problem gets very big very quickly.

Overestimating the seriousness?   That the instructions listed are over a year old?  So Comcast pics an arbitrary edition of OS X to post instructions for and they are over a year dated.  That makes sense?

The area to change the port in any current version is very different than the instructions.  Where does it say to "edit server list" drop down box and by doing THAT - that is where you change the ports?   No.  It's not obvious.  Yes I feel it's inexcusable to not have simple proper instructions on a massive company's site.  You bet.  How hard is it to tweak?  Would likely take 10 minutes to add a line for Leopard users, such as (Leopard users - click the **bleep** drop down box "edit server list", etc.)

Now.  It would also be REALLY nice if every time I try to send, receive, poll my comcast box - that I don't get a pop up window asking for my password.    

Again can you confirm all Comcast subscribers have updated to Leopard and the latest MacMail?

Even Apple still reference the old mechanism for Tiger.

http://docs.info.apple.com/article.html?path=Mail/2.0/en/ml1049.html

So, to address this correctly we need to create alternate paths for the two Mac Mail environments and provide different solutions. This isn't trivial, although I'm very sure you believe it is.

Again, support for all clients except in the stated 'supported' list are 'best effort only' and this change in screen layout has not presented itself as a big issue anywhere yet. In fact Apple did a nice job between the two and the new screen is just as easily understood by the average user, which probably explains why we've seen so few questions about it.

---

Ldefrenne wrote:

Overestimating the seriousness?   That the instructions listed are over a year old?  So Comcast pics an arbitrary edition of OS X to post instructions for and they are over a year dated.  That makes sense?

 

The area to change the port in any current version is very different than the instructions.  Where does it say to "edit server list" drop down box and by doing THAT - that is where you change the ports?   No.  It's not obvious.  Yes I feel it's inexcusable to not have simple proper instructions on a massive company's site.  You bet.  How hard is it to tweak?  Would likely take 10 minutes to add a line for Leopard users, such as (Leopard users - click the **bleep** drop down box "edit server list", etc.)

 

Now.  It would also be REALLY nice if every time I try to send, receive, poll my comcast box - that I don't get a pop up window asking for my password.  

---

It is inexcusable for a computer user to not know how his computer and installed applications work. It would take about two minutes to look at the manual or do a Google search to determine how to change ports on your system.

This thread has now become corrupted imho. Maybe someone could break out these most recent posts so that anyone coming here to read about the subject of this thread can do so without having to wade through the rants.