Broadband ISP YouFibre UK Set to Block Internet Email Port 25 from Friday UPDATE
Internet service provider YouFibre, which is one of the main retail outlets for Netomnia’s growing national Fibre-to-the-Premises (FTTP) based broadband network, has informed customers that they intend to impose a block against internet traffic on Port 25 (SMTP) from Friday (16th January 2026).
Broadband ISPs usually try to steer clear of blocking internet connectivity and services if they can help it, although it should be said that port 25 has been blocked by various other providers over the years to help prevent email spam. The port was historically used for the Simple Mail Transfer Protocol (SMTP) relay between mail servers (i.e. sending emails), which is usually not encrypted.
However, these days it’s more common for email servers and systems to use Port 465 (legacy SMTPS), Port 587 (submission) or Port 2525 for the secure variants of SMTP (SMTPS etc.), which will usually be encrypted using the SSL/TLS standards or similar methods.
Advertisement
Suffice to say that customers of YouFibre shouldn’t be too alarmed after the ISP emailed them this week to inform of the impending change (credits to one of our readers, Joe, for the tip), although there’s always some risk from the unintended consequences of such moves (i.e. the possibility of catching niche use cases, which may make different uses of the same port). The fact that there’s only been a few days notice given is another issue.
Copy of You Fibre’s Email
We are doing a security update on the YouFibre network
Dear XXXXXX,
As part of our regular updates to the security of our network, we are implementing a new security measure – the blocking of Port 25 (SMTP).
This change will take effect on Friday 16 January, 2026.
Why are we doing this?
Port 25 is traditionally used for sending emails via the Simple Mail Transfer Protocol (SMTP). Unfortunately, it is also commonly exploited by spammers and malicious actors to send spam and phishing emails, often from compromised computers within our network. By blocking Port 25, we will reduce Spam and Phishing Attacks.
What you need to know
Although this change won’t impact most of our users, those using Gmail, Outlook or other web based email will be unaffected, it may impact some of our customers, particularly those who operate their own mail servers or use email applications configured to send emails via Port 25.
Here is what you need to know:
1. Email Delivery via Port 25: If you are using an email client or service that relies on Port 25 to send emails, you will need to reconfigure it to use an alternative port. Common alternatives include Port 587 or Port 465, which are typically used for secure, authenticated email submission.
2. Support and Assistance: If you need help reconfiguring your email client or server, please contact your email provider.
How to change your email port settings
To avoid disruption in your email service, please follow these steps to change your port settings:
1. Open your email client settings.
2. Locate the outgoing server (SMTP) settings.
3. Change the port number from 25 to 587 or 465.
4. Ensure the “Use secure connection (SSL/TLS)” option is enabled.For more information see our help article: Why Can’t I Send Emails on My Connection?
We believe this change will significantly enhance the security and efficiency of our network. Thank you for your understanding and cooperation as we implement this important security measure.
Best regards,
The YouFibre Network Team
UPDATE 15th Jan 2026 @ 11am
YouFibre has confirmed that the port 25 block will apply to both inbound and outbound traffic for CGNAT (default) users on IPv4.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Virgin Media O2 Notifies Some 300 UK Staff of Potential Redundancies
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message and display names can be almost anything you like (provided they do not contain offensive language or impersonate a real person's legal name). By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Port 587 is for submission not the same thing as SMTP. Port 25 is perfectly fine, using StartTLS connection upgrades and enforcing it is perfectly acceptable. I run my own mail server, I hope this can be turned off by request for customers with fixed IP addresses, otherwise YouFibre will have to be excluded from consideration for many tech savvy users.
Also hope it can be turned back on as also running local email server. No ideas how ir is with different email servers, but iRedMail 25 port is REQUIRED.
Hmm, maybe only outgoing traffic will be blocked, as I sending emails over 587, but receiving over 25 port.
I have email, cloud e.t.c. at home as I prefer privacy.
Still waiting for Youfibre, but that can mean, that I need another connection just for emails.
They need to reverse this decision as, like @Andrew said, next will be 80, 443 ports.
Its not great if you work in Cyber Security!
What about the commitment to end to end connectivity?
Yes they support both IPv4 & IPv6.
I mean, it’s weird they hadn’t done it already lol. I’ve been a customer for a year and never thought to even try as I thought it was just the done thing these days. What’s next, we’re going to disable telnet?
Screw self hosting…. May as well block all ports that aren’t 80 or 443, no fun allowed
You understand it’s CGNAT, you can’t self host behind that anyway
CGNAT does make self-hosting much more tedious, but technically you can still get creative to make it work with things like VPNs, Cloudflare Tunnels and other methods. But such an approach is obviously far from ideal.
I hope my ISP don’t follow this mess they clearly don’t understand that port 25 can use StartTLS and that google and others only sends mail to ones mail server by port 25, also Certificates are done by Email to validate your IP for a given domain if thats the method one wishs to use. This does not help IPv4 as you then need at cost to relay port 25 to another IP to then map to another port to your IP.
They only need to block outgoing port 25 not inbound
@Peter: Inbound port 25 cannot work under CGNAT unless the ISP manually created a port‑forward from a dedicated public IP – which they don’t do. Blocking port 25, which seems unnecessary, is still needed because YouFibre supports IPv6 where every device gets a public address, so consumer ISPs block dodgy inbound IPv6 ports like 25 (SMTP), 135-139 (NetBIOS/Windows Sharing) and 445 (SMB) across their entire network. Other ports blocked can include 21 (FTP), 69 (TFTP), 512–514 (r‑services), 1900 (UPnP/SSDP), 3389 (RDP), 7547 (TR‑069) and 5000–5001 (even though recommended by Synology). I’ve heard that some ISPs even block all inbound IPv6 ports.
Netomnia has resellers with their own networks, away from this block.
Presumably the only to get around this is with a VPN.
I am not affected, but I am wondering if this change could be used to cancel the service without early exit fees.
Blocking port 25 by default is not a terribly bad idea, if they provide an easy way for the users to disable this if they need it.
Yes it can according to their support numpties.
If this is just a “alignment with brsk’s policy” its not the end of the world.
brsk has been blocking port 25 for CG-NAT’ed customers for a while https://help.brsk.co.uk/en/articles/11928523-advanced-troubleshooting but the block doesn’t apply to those with a static IP (their BeteerIP product at £5pm), if you are self hosting stuff, you prob already using a static IP.
Time to sign up to another Andrews & Arnold L2TP service me thinks.
A&A only resort to blocking ports if you have repeated security lapses and fail clean up your act, which is fair in my opinion.
Yes but having all your internet traffic funnelled all the way back to their 2 LNS’ in London isn’t exactly appealing either. I’d prefer a network with national dns and cdn coverage. Aka the 4 big players
A few things to add to this based on conversations with support.
1) This isn’t just affecting their CGNAT customers. Fixed IP services are also impacted. This makes sense given no-one’s going to be hosting a mail server behind CGNAT.
2) They don’t allow any form of opt-out other than cancelling your contract. I was offered this without termination fees because they agreed that it clearly constitutes a material breach of contract.
3) Their CS team have absolutely no clue at all whatsoever how anything works. Even the team leads have less knowledge about IP networks than my cat.