Comcast Thinks About Stopping Zombies
LehiNephi writes "Comcast has finally admitted that its users are responsible for a large amount of spam, and they are thinking about how to stop it. Apparently they haven't been turning a blind eye to the problem after all. The simple, blanket approach of blocking all traffic on port 25 would have too many side effects, particularly for users running their own mail servers. However, they can block that port on individual cable modems-a sort of surgical strike. As far as I'm concerned, the sooner they implement this, the better!"
Comcast cable modem customers aren't allowed to run mail servers anyway, so I doubt the side-effects would bother them
I think it's a good idea. But why stop there? Disconnect the zombies until they fix the problem on their computer.
What if they had a *simple* process for registering your mail server with them? 5 minutes, maybe $20 and that's it?
People who run their own mail servers are control freaks and had better be technically minded enough to call the Admins at Comcast in order to register their mail server.
Otherwise, who'd notice or care?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Why don't they block it on ALL cable modems and let people unblock it if they wish? The majority of users who go through the trouble to unblock it are going to run secure machines. Even if they don't, it's going to reduce the number of spam bots.
And they won't have the privacy advocates all over them...
For example, ISPs that send me plenty of spam and viruses relayed through their main mail servers are: arnet.com.ar, bigpond.com, btinternet.com, libero.it, singnet.com.sg, videotron.ca, wanadoo.fr
Case in point. Blocking port 25 doesn't stop spam. Booting your spamming customers does.
They now have a choice - how much is it going to cost them if they do NOT implement some policy that prevents their users from spamming the entire world, and they end up getting all of their e-mail blocked?
And how much money could have been saved if they'd implemented such a policy when people started telling them it was a problem (it's been several years since people started telling Comcast that their users were a load of USDA Prime Clue-Free Spam Zombies...)
It's interesting how much money can be saved by paying attention to the small, seemingly innocent details before they add up to be monstrous problems.
Specialization is for insects. - R.A.H.
From the comments so far I've seen "I don't have the money to pay for a static IP address.", I know that it sucks that not everyone can have static IP addresses, but that's something you should take up with your provider. Why should the rest of the Internet Service Providers out there pay for your ability to send email from a dyanmic IP address? You can't begin to imagine how much spam we are able to drop because of those two simple blocks (client.comcast.net and client2.comcast.net)... It's to the point where we would need to add at least another mail server to accept the email coming from those ranges. That's simply not something we are willing to do when 99.9999% of all email from those dynamic ranges are spam.
:-)
You can blame me and the other ISP's out there that refuse to accept mail from dynamic ranges, but you should be blaming the spammers for ruining email as we know it, and you should blame your provider for not allowing you to have a static IP address.
The ISP I work for only does Static IP addresses (except for dialup customers), all of our DSL customers are allocated a static IP address. This is common if you shop around. From what I understand there are many bigger providers that will allow you to have a static IP address for a few more dollars a month if you can show that you are not using it for commerical purposes, furthermore ISP's like SpeakEasy offer static IP addresses as a part of their typical DSL offerings (no i don't work for them).
Also, if you're running a server on those dynamic ranges with Comcast you are clearly violating their TOS. Again vote with your wallet and find a provider that is more reasonable with their TOS and IP space. Or get a few friends together and pitch in for a virtual server somewhere. You can find a decent virtual server that will suit all of your needs for less then $50 a month, hell get 5 friends together and it's only $10 a month, surely you can afford that. Plus you can say you have your own server somewhere.
This story is about compensating for users who are unaware that their computer has been trojaned and is emitting spam. Is getting kicked off your ISP a suitable punishment for that? Comcast is doing the minimum necessary to keep the most people possible happy (except the spammers, and apparently you).
Speakeasy lets us run whatever the heck we want. Then again, every month or so I see their relay testing in my Postfix logs. It's a strange concept: innocent until found guilty.
Just because you can't think of a reason to not use the Comcast server does not mean there are not good ones. I've recently been put in the same boat by BellSouth, and I assure you there are good reasons for not wanting port 25 blocked.
First of all, if you, like me, have a notebook and actually move frequently from location to location (home, work, family and friends houses, public sites with wireless access) then you want to be able to configure your mail client so that it will reach a mail server that you can log into and not have to change settings every time you change location. If you have a mail server outside of a "me only" mentality ISP then this is simple and straight forward. But when the ISP blocks port 25 (as well as not letting you use their meil servers whenever you're not originating from their network), it's a royal pain in the ass to reconfigure all the time.
Also, if you, like me, administer or help maintain a valid mail server off of the Comcast network, you may well find it important to actually send mail through this server. Or you might even have a company policy that states that all business mail must be sent through the compnay mail server. No problem if port 25 isn't blocked and you log into the server you want. Big problem if some short sighted system administrator at your ISP insists that everyone should be expected to use the Internet in exactly the same way.
And I can't speak about quality of service at Comcast, but at BellSouth the mail server is frequently down. This was not a significant problem if I had to send time critical information out as long as I had port 25 open and could log into one of the other servers I use. Now it's a problem even from my desktop system.
Fighting spam is great, but fighting stupidity is even more important.
I'm an American. I love this country and the freedoms that we used to have.
The system lets the user out of isolation 30 minutes after the reason for isolation has disappeared. Though there are some users who get into isolation, out of it, back again all day long. One has to wonder what the users is doing with the computer? Just having it on, warming the house? Cause they can't surf the net, they can't send email...
This system has reduced outbound spam drastically! And the best part is, we don't have to find out who is infected (dynamic IPs) and then try to contact the end user (many times not the one who pays..).
here's the manufacturer's slide show (don't slashdot him to death..)
Them: "How may we help you?"
Me: "Please unblock TCP port 25, both ways"
Them: "OK" , we could do it for 5$ a month
After all, why should millions of people have not to pay for ten of thousands of needed ports ?