Comcast Gets Tough on Spam

WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDnet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.

Seems reasonable, as long as...

[Space+cowboy]

... there's a back-channel for people whose email is legitimately disproportionately high to have it reinstated. I'd be a mite annoyed (read: bloody furious) if I wasn't doing anything wrong, but my internet access was suddenly curtailed... I send email from home (though never in any quantity likely to raise suspicion) and I don't see why I should use NTL (whose news and mail servers are crap) over my linux gateway.

What I find more chilling is the number of people in the article who are recommending general blocking of the smtp port. Just because it makes life easier for large corporations is no excuse for using a blunt instrument where an elegant solution could be found - in this case, I think the dynamic monitoring and blocking is far more preferable. If NTL decide to block port 25, I guess I'll just have to tunnel outgoing port-25 traffic over a different (say: 2525 :-) port to my co-lo machine and send from there...

Aside: The phrase 'Microsoft is working with ....' always seems to send shivers down my spine these days because of the context I find it in. Sigh.

Simon

Re:Question...

[TWX]

"How do you tell whether your machine is zombie spammer? Is running spybot enough?"

Just monitor traffic coming into and out of your computer. There are utilities that will let you do that. If you see stuff coming and going that you aren't generating then something is definitely wrong.

Re:what about mistakes?

[drinkypoo]

I don't know how they are about this email blocking thing but when they send you an abuse letter for bandwidth overusage :) you can just call support and they'll talk to you. If you want to find out how much bandwidth it's ok for you to use you basically have to call all over the country (hooray for cellular with no long distance fees) to find some guy in Florida (or such was my path, anyhow) who will tell you not to download more than 90GB/mo.

Anyway I installed MRTG and did the math after I got the abuse letter and now I just watch to make sure I haven't downloaded more than about 250kbps averaged over the month (I'm at 181kbps right now) and bingo, problem is solved and I haven't got another abuse letter. Personally I find that to be a pretty pathetic amount of transfer per month but they have a monopoly on broadband here unless you are willing to count satellite as an option, which given the latency, I am not.

Regardless, I'm sure calling technical support will actually be useful in the case where you're not sending spam. However, I have a feeling that they're actually scanning your outgoing messages for particular content. This is not particularly hard to do, and since it's done by an automated system it's not a breach of privacy unless they're holding logging information which contain parts of your emails longer than necessary.

Bellsouth, on the other hand blocks all 25

[firewort]

Bellsouth is now blocking all port 25 traffic, whether or not they sell the customer a static IP.

I had a mail server running on static IP for over a year and they've just blocked it as of last night- Their third tier support claimed that it was because they were being threatened with being blocked by other ISPs.

Just use SpamCop

SpamCop will take care of figuring out the origin and reporting spam for you.

Re:what about mistakes?

[bairy]

I use bandwidth meter to keep track of how much I've down/uploaded during a week/month. And the log files for past months are just geeky genius.

90gig/month is gonna be around 3gig/day.

Re:Question...

[Moonpie+Madness]

In case that anser was not sufficient, alt control delete brings up the task manager in windows, from which you can monitor your internet activity... further you can look at your modem's activity lights.

Re:Why not pass through their mail servers?

[Telent]

Um... because most of us who run "home" mail servers do it because our ISP's mail servers are slow, unreliable, and down half of the time? Because the rewriting rules often keep us from using our personal domains? Because if we wanted to use our ISP's mail servers, we wouldn't be running our own?

Now, in my case, none of this applies, because I have a clueful ISP (Hi, Speakeasy!), but back in the Dark Ages of DSL through $TELCO, believe me, I had to. Or I didn't get mail. And believe me, I live for my mail.

Re:E-mail Advertising?

[vena]

that's just it, economics. for a spammer to send out 1mil emails, the cost is trivial (for the spammer). if they get a response of just 1%, that's 10,000 customers, .1% gives 1,000 customers. that's not a bad haul for a fly-by-night pharmacy with likely very little overhead. they likely have no warehouse, no real store or property outside of the home of the person running it and postage is paid by the consumer.

... they're not the only ones

[Samari711]

*LOGICAL FALACY ALERT* "i recieved more spam from them this week" does not translate into "they sent more spam". it is entirely possible for their spam numbers to go down and yours to go up, that just means someone else got 40% less spam from them this week.