Comcast Thinks About Stopping Zombies

LehiNephi writes "Comcast has finally admitted that its users are responsible for a large amount of spam, and they are thinking about how to stop it. Apparently they haven't been turning a blind eye to the problem after all. The simple, blanket approach of blocking all traffic on port 25 would have too many side effects, particularly for users running their own mail servers. However, they can block that port on individual cable modems-a sort of surgical strike. As far as I'm concerned, the sooner they implement this, the better!"

Nope.

There is actually an 'official' alternate port for this purpose. See:

http://www.ietf.org/rfc/rfc2476.txt

Re:why port 25

[Caradoc]

If the spammer wants to *send* spam out, they're going to aim at port 25 on the target box.

If they aim at any other port, they're very likely to see nothing but "Connection denied" messages.

I've already got most of Comcast simply blocked from my mailservers, simply because I never see anything but spam coming from them: /^.*\.client\.comcast\.net/ 550 comcast direct-to-mx

If they REALLY want to send me e-mail, they need to send it through a non-client address (for example, through Comcast's own mailservers...)

It's nice to see that someone at Comcast is waking up, though. I'd been reporting spam coming from a triplet of IP addresses for approximately four months before I simply blackholed the entire /24 there.

Now, to see if they can actually *do* anything about the problem they just noticed...

Comcast's Agreements

[Roguelazer]

Anybody here ever read a Comcast Usage & Subscriber Agreement? I have. They're quite... chilling to read. Lots of people have posted about the forbidding of running a server of any kind, so here it is: Acceptable Use Policy

The area you're referring to is

(xiv) run programs, equipment, or servers from the Premises that provide network content or any other services to anyone outside of your Premises LAN (Local Area Network), also commonly referred to as public services or servers. Examples of prohibited services and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;

For example, take a look at this quote, which makes my browser's caching of Slashdot's GNAA posts illegal:

(ii) post, store, send, transmit, or disseminate any information or material which a reasonable person could deem to be objectionable, offensive, indecent, pornographic, harassing, threatening, embarrassing, distressing, vulgar, hateful, racially or ethnically offensive, or otherwise inappropriate, regardless of whether this material or its dissemination is unlawful;

Try reading this one: Subscriber Agreement. This section, in particular, gives Comcast permission to view any information transmitted over the network from or to you:

Comcast shall have no obligation to monitor postings or transmissions made in connection with the Service. However, you acknowledge and agree that Comcast and its agents shall have the right to monitor any such postings and transmissions, including without limitation e-mail, newsgroups, chat, IP audio and video, and web space content

Section 9's cool too. It says that you waive the right to sue them in a real court, but instead will have a hearing before a "neutral arbitrator". Anyhow, you should read all that stuff. Some of it's absolutely unique.

If I don't get modded up for this, I'll be amazed

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:How to tell?

[bigberk]

Is there an easy way to tell if your own computer is a zombie spambot?

Yes, there is! If your IP is sending spam, believe me, we will have noticed via our extensive spam traps. Just query your IP at OpenRBL or at dnsstuff to see if you're blocked due to spam received from your IP.

Note that you can also appear on blocklists for various other reasons. So look into why you're blocked. If you're listed on AHBL, CBL, SpamCop, WPBL for example then your host is probably infected.

IAAMCCNE

[papasui]

I am a major cable company network engineer... and while the idea of allowing certain people access to having the ports open is nice in theory, it would be nearly impossible to implement on a large scale operation. With existing infrastructure all restrictions are placed in the access control list on the CMTS router. Without purchasing additional firewall equipment that can service a 1/2 million customers, which would run upwards of hundreds of thousands of dollars. The only way to selectively allow individual ip addresses to be able to use outbond would be to have individual allow statements for each customer who requested it placed on the ACL. Since nobody but the network group is allowed access to these systems we would need individual people dedicated to simply adding ip addresses to the ACL. And of course since each time a packet on port 25 is sent the entire outbound port 25 ACL is processed the load on the routers would be so high that additonal upgrades would be necessary. The entire reason to block all outbound port 25 connections is to stop those with viruses/spam relays from causing the isp's email server from ending up on blacklists from the likes of AOL, earthlink, and other very large isps. So the trade off is you inconvince those customer's who are already violating the acceptable use policy by running a prohibited email server or force them to use your outgoing smtp server. In the end the vast majority of customers are much happier because their email works better, has less spam and garbage and the isp has less work to do by contacting and disabling the service of those customer's spreading viruses or spam via email. If your the type that needs a service that allows servers, static ips, 4 hour service resolutions, higher upload then you can pay extra for those things and get a business class connection. That's really what it boils down to.