I was lazily scrolling though my Google Reader feed this afternoon when I saw a Tweet from the Electronic Frontier Foundation that caught my attentions
Researcher reports T-Mobile UK is using #DPI and packet forgery to jam SMTPS email encryption and VPNs https://eff.org/r.N98 #netneutrality
I at first thought it had to be a mistake, that there was no way such a large carrier would do something so egregious… Why I thought that, I’ll never know.
If I connect to my mail submission service with immediate encryption on port 465, T-Mobile instantly sends a spoofed RST TCP packet to both my server and my client in order to disrupt/disconnect the connection. I ran tcpdump on both ends of the connection to verify that this was happening. They also do the same for mail submission port 587. This time, they let you connect, but as soon as you send a STARTTLS command, the RST packets appear, and the connection drops. This isn’t just for my mail server, I experienced the same problems using smtp.gmail.com as well.
Shame on T-Mobile.