Comcast Gets Tough on Spam
WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDnet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.
... there's a back-channel for people whose email is legitimately disproportionately high to have it reinstated. I'd be a mite annoyed (read: bloody furious) if I wasn't doing anything wrong, but my internet access was suddenly curtailed... I send email from home (though never in any quantity likely to raise suspicion) and I don't see why I should use NTL (whose news and mail servers are crap) over my linux gateway.
:-) port to my co-lo machine and send from there...
....' always seems to send shivers down my spine these days because of the context I find it in. Sigh.
What I find more chilling is the number of people in the article who are recommending general blocking of the smtp port. Just because it makes life easier for large corporations is no excuse for using a blunt instrument where an elegant solution could be found - in this case, I think the dynamic monitoring and blocking is far more preferable. If NTL decide to block port 25, I guess I'll just have to tunnel outgoing port-25 traffic over a different (say: 2525
Aside: The phrase 'Microsoft is working with
Simon
Physicists get Hadrons!
"How do you tell whether your machine is a zombie spammer? Is running spybot enough?"
Just monitor traffic coming into and out of your computer. There are utilities that will let you do that. If you see stuff coming and going that you aren't generating then something is definitely wrong.
Do not look into laser with remaining eye.
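The monitoring discussed above (an ISP picking out suspicious machines, or a user watching their own outbound traffic) can be sketched as a check over connection logs. This is an added example, not part of the original thread or anything Comcast published: the flow-record format, the relay address `192.0.2.25`, the 60-second window and the threshold of 5 are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

ISP_RELAY = "192.0.2.25"   # hypothetical ISP smarthost (assumption)
WINDOW = 60                # seconds per sliding window (assumption)
MAX_DIRECT_DSTS = 5        # distinct non-relay port-25 peers tolerated per window

def parse_flow(line):
    """Parse 'epoch src dst dport' into a tuple, or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], int(parts[3])

def suspicious_hosts(lines, relay=ISP_RELAY, window=WINDOW, limit=MAX_DIRECT_DSTS):
    """Return {src: peak distinct direct-SMTP peers in any window} for hosts over limit."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        # Mail handed to the ISP relay is expected; direct-to-MX traffic is counted.
        if dport == 25 and dst != relay:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans less than `window` seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak > limit:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed flow log: a relay user, a low-volume home MTA, a bulk sender."""
    flows = [f"{1000 + i * 30} 10.0.0.10 {ISP_RELAY} 25" for i in range(4)]
    flows += [f"{1000 + i * 600} 10.0.0.20 198.51.100.{i + 1} 25" for i in range(8)]
    flows += [f"{1000 + i} 10.0.0.30 203.0.113.{i + 1} 25" for i in range(40)]
    flows += ["1005 10.0.0.30 203.0.113.200 80", "garbage line"]
    return flows

if __name__ == "__main__":
    for host, peak in suspicious_hosts(sample_flows()).items():
        print(f"{host}: {peak} distinct direct SMTP peers within {WINDOW}s")
```

The low-volume home mail server in the sample stays under the threshold, which is the distinction between selective and blanket port-25 blocking that the thread argues about.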
Anyway I installed MRTG and did the math after I got the abuse letter and now I just watch to make sure I haven't downloaded more than about 250kbps averaged over the month (I'm at 181kbps right now) and bingo, problem is solved and I haven't got another abuse letter. Personally I find that to be a pretty pathetic amount of transfer per month but they have a monopoly on broadband here unless you are willing to count satellite as an option, which given the latency, I am not.
Regardless, I'm sure calling technical support will actually be useful in the case where you're not sending spam. However, I have a feeling that they're actually scanning your outgoing messages for particular content. This is not particularly hard to do, and since it's done by an automated system it's not a breach of privacy unless they're holding logging information which contains parts of your emails longer than necessary.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Bellsouth is now blocking all port 25 traffic, whether or not they sell the customer a static IP.
I had a mail server running on a static IP for over a year and they've just blocked it as of last night. Their third tier support claimed that it was because they were being threatened with being blocked by other ISPs.
SpamCop will take care of figuring out the origin and reporting spam for you.
Now, if comcast would sell me a static IP address, I might care, but since they don't it's clearly not meant for servers.
Pssst: it's called "dynamic DNS."
I have Bellsouth DSL and they're blocking port 25 incoming and outgoing for their DSL subscribers. I had a lengthy discussion with tech support about it and they said "that's just how it is". If you have Bellsouth DSL and you can still use port 25 - enjoy it now. The block is coming.
90gig/month is gonna be around 3gig/day.
In case that answer was not sufficient, alt control delete brings up the task manager in Windows, from which you can monitor your internet activity... further you can look at your modem's activity lights.
Now, in my case, none of this applies, because I have a clueful ISP (Hi, Speakeasy!), but back in the Dark Ages of DSL through $TELCO, believe me, I had to. Or I didn't get mail. And believe me, I live for my mail.
Many reasons. Firstly, my ISP's mailservers (Cox, who, by the way, already filters 25 both ways except to their servers) are slow as hell. Secondly, I like to be sure my mail doesn't go to more servers than intended.
When a server is receiving traffic for SMTP (or HTTP or many other things), it listens on one standard port. For SMTP, the port is 25. The sender can pick any port to send FROM, but they can only send TO 25. If Comcast blocks outgoing connections to port 25, they stop anyone using a mail server from sending to almost all other mail servers.
that's just it, economics. for a spammer to send out 1mil emails, the cost is trivial (for the spammer). if they get a response of just 1%, that's 10,000 customers, .1% gives 1,000 customers. that's not a bad haul for a fly-by-night pharmacy with likely very little overhead. they likely have no warehouse, no real store or property outside of the home of the person running it and postage is paid by the consumer.
SMTP servers run by ISPs are not always reliable. My ISP had a bad habit of mysteriously holding mail in the queue for hours at a time. Some ISPs have odd restrictions such as a maximum number of recipients.
I used to believe that restricting outgoing port 25 might limit the amount of spam. Now I am not sure. I suspect that it is reasonably easy for spamware to find a user's SMTP server credentials and use the ISP's SMTP server. There is probably an easy to use API to send mail through Outlook (and the ISP's SMTP server) without the user knowing. Restricting outgoing port 25 does prevent access to open relays, but is that still a major source of spam?
Users run their own SMTP servers as ISPs may be unreliable, or have odd restrictions. In the long run restricting outgoing port 25 probably won't limit spam sent from compromised computers as malware will use the ISP's SMTP server.
I am a comcast user and don't run servers, but as I understand it, you are allowed to run "server" programs as long as you agree that Comcast is not responsible for damage to your computer yada yada yada
*LOGICAL FALLACY ALERT* "i received more spam from them this week" does not translate into "they sent more spam". it is entirely possible for their spam numbers to go down and yours to go up, that just means someone else got 40% less spam from them this week.
I never said I was smart, I just said I was smarter than you
Totally insufficient.
1. If you are using an ethernet connection (either to a router or straight to a modem) then you will have a 100mbit link. 30kbyte/sec uplink (because that's what we are looking at) will be less than 1% of utilization which is hard to see at least.
2. Modem lights only work if you are straight wired but even if you are it's hard to spot it against a background of random network activity that windows gives you.
Google is gathering personal information? Yes, when you sign up.
They cannot mine it from your email, because doing so implicates the Electronic Communications Privacy Act (18 USC 2701-11), and this also forbids them from disclosing anything about the contents of your email to the advertisers (e.g. they won't know why their ad was relevant to you; this is trivial because a simple redirection script will prevent them from knowing where you saw their ad).
This is not the law passed by whoever it was in California, by the way, it's been in effect far longer than that.
Anyhow, back to the original topic, it makes a hell of a lot of difference just how people are monitoring what. Especially when dealing with email, it is more reasonable to figure out exactly what they're doing and judge based on that.
That's why I've spent plenty of time emailing Google (which, surprisingly, actually responds to queries to that privacy concerns email they put up) before deciding whether or not I'll join whenever they come out of beta (I will, they've answered all my concerns). And you had better believe that I would endeavor to do the same were I contemplating using Comcast's service.
Having a bad ISP may not be obvious at first, but if you only find it out when you suddenly need their help with some service issue, it's far too late. Do some research, folks, it's what the Internet was originally intended for...
Here's how it works:
AOL user has a button in their email "this is spam" or "I don't want this" or somesuch.
When they hit the button, the message and headers are sent to some server.
The server automatically blocks the IP of the SMTP server that sent the message so it can no longer send email to AOL.
This works in theory, except many users treat this button as a way to muffle their annoying friends. So a "forwarded joke" can get flagged as spam even if it is from their cousin on a small local ISP. There is NO oversight in the process.
Utterly stupid.
I know this, because a local ISP that I help out sometimes coaxed the AOL people to forward the messages with headers so he could address the "problems" and get his mail server unblocked. The messages were personal emails, notes from friends, messages from people's own lawyers as well as normal spam.
I am not sure if they have given up caring if AOL-bound emails are blocked. But that's just about the only thing they can do.
Let's be exact here.
Terms of service != Legal
Install Kerio Personal firewall. It's free - You need to register for the popup-blocker and other web-stuff to work for more than 30 days, but that's best left to your browser, IMO.
;)
Open the 'Network security' tab, and click the 'packet filter' button.
Create two new rules.
One that says 'Block outgoing mail', blocking all outgoing TCP connections on port 25 and popping up an alert whenever something tries to open a connection.
The second rule should explicitly allow your mail client(s) to send outgoing mail. Make sure this one's processed first (click up/down arrows until it ends up above the block-all rule).
Voila - Your computer is spam safe.
We send a lot of email to AOL and are in AOL's feedback loop for spam reports.
You are right, pushing the button leads to a spam report being sent to AOL, who then keep statistics on file for the spam's origin. If your IP gets "too many" reports compared to the volume of email you are sending, you will be blocked. But it's not normally a 1-for-1 type of deal. And if you're in the feedback loop, you get a copy of the spam report.
We've had days where we've received as many as 20 spam reports, yet we haven't been blocked yet, presumably because our volume was high enough and our track record good enough to be left alone.
We don't send spam. All our users subscribe (yes, on purpose) to receive our email. Yet you get people pushing the "Report Spam" button for many reasons:
- In AOL 9.0, there is not even a warning or a window asking to confirm the button press. You push the button, and any email you have selected is instantly reported as spam.
- They don't tell their users that spam reports are filed and that this may have adverse effects on the person sending the email. All they know is "I don't want email like this anymore." We go out of our way to remind our users in every email where they can go to cancel their account. Doesn't matter. (Keep in mind these people actually requested our email.)
- The "Report Spam" button is DIRECTLY NEXT TO THE DELETE BUTTON. This is fucking retarded. Combined with no warning when a spam report is filed, half the people filing reports are aiming for the delete button. (We know because we've asked for info about these people.)
Here's the best part.
AOL sends these spam reports to you if you are in the feedback loop. The idea is that you will act on them since you are not supposed to send that person any more email once they report you. But they delete the person's email address so you're SOL in most cases! Luckily for us, we're using a good list server that lets us embed the member ID of the user so we can cancel their account. But lots of times we'll get reports on various automated emails from our website that have no other ID aside from the now-erased email address.
All in all, AOL has their head up their ass.