We are currently testing a new option that may help people send mail without using a third party service. If you are interested in testing this product, please fill out the interest request form here1. Product Management for the feature may reach out to you.
We are also continuing to make improvements to our system to allow for some customers that have an established relationship with us to apply for an exception to be able to send directly on port 25. There are a number of IP reputation issues that have to be worked through for such a use case, so it should not be considered a common solution that will meet everyone’s needs.
We will have more updates on both of these items over time.
An error occurred while saving the commentLorant Nemeth commented
After convincing the customer to move their workloads to GKE and having one of their applications (does not need port 25) running in production @google ready, now we'll move all applications back to Amazon (they don't want to have two cloud service providers for their two applications) only because of this limitation (they are required to used their customers SMTP servers, which many still use port 25).
Before we start moving back things, can you confirm, that there's not even a manual process in order to enable port 25? I can provide valid use-cases, company background...
Also I'm not sure about the motivation here. Why allow port 465 and 587, but not 25? One can spam just as fine through a TLS connection (assuming no client cert based auth) if there's no authentication enforced (or an account is leaked) and/or the mail server is misconfigured (ie: open relay).