SOLVED: cannot connect to smtp server: Connection timed out (DigitalOcean droplets)


Post by s » 2025-3-17 10:16

DigitalOcean has blocked ports 465 and 587 on droplets. They claim they did it on March 6, 2025, but for me 587 worked until March 15. The measure was not announced beforehand to give users time to find workarounds, or request the ports to be kept open. Here is the announcement:
6 March

SMTP ports 465 and 587 are now blocked on Droplets.
I doubt DigitalOcean users keep checking their release notes daily to see what is going to be broken next. I know I don't. Proper procedure would have been asking users first, or at least informing them beforehand.

Here is the copy-paste excuse their support is offering:
This is happening because ports 465 and 587 have been blocked on droplets as of March 6, 2025. This is to make sure that the DigitalOcean servers are not used to send spam emails. Our team has updated the users about this at the following links: https://docs.digitalocean.com/#2025-03-06
I do understand getting a bad reputation as spammers and having your IPs blacklisted is bad for business. However, I believe such a measure of blocking ports is nuclear unless DigitalOcean is hosting mostly spammers. They are already discouraging users from having their own email servers. That should have been enough together with blocking droplets case by case if they were actually used for spamming, not a blanket and automated spam using service-wide firewall.

If it happened to you, too, you have the following two options:
  1. Move your droplet to another cloud which allows SMTP traffic. This would also eliminate the risk of a similar incident happening again with DigitalOcean.
  2. Send a plea to DigitalOcean support with your use case for forwarding it to their security team and hope for the best. And then wait for the next surprise to mess up your systems.
And their instructions to all the screwed customers:
To unblock your ports, please clarify the specific use case. Additional details about the context and intended functionality will help us better understand your needs.

After that once we get the use case from you I have to submit a request to our security team. We will inform you once we receive an update from them.
Needless to say, they refused to unblock ports and instead continued peddling the paid services of their partners:
We have reviewed the account and we would like to encourage you to explore alternative solutions such as SendGrid, Mailgun, MailChimp, etc. which offer reliable, managed email delivery services with built-in security features to stay secure.

Please find more details about SendGrid’s integration with DigitalOcean here: SendGrid Marketplace 1-Click App

If you are using SendGrid over any of the blocked SMTP ports, we recommend switching to the SendGrid REST API method to restore functionality.
Changing hosting provider will be safer, cheaper and easier than battling again with SendGrid, Mailgun, or MailChimp. Case closed.
Dreamhost is more like a Nightmarehost. GoDaddy is more like NoDaddy.

Frankly it never even occurred to me that a hosting company could do something like this, although I have seen quite a lot of bad shit with Dreamhost and GoDaddy.

Happy hacking,

Santeri