Comcast Gets Tough on Spam
WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDNet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.
If they detect port 25 traffic over a certain threshold, do a quick DNS blocklist check. If they're blacklisted, stop traffic on port 25 for that customer and contact them to let them know their machine may be infected.
This seems like the right way to do it, as long as they've got a reasonable way for you to ask for it to be unblocked.
Nice to see a large soulless corporation not just shaft its customers wholesale.
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
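The threshold-then-blocklist check suggested in the comment above, as an added example (not part of the original thread and not Comcast's actual system). The flow-record format, the threshold, the zone name dnsbl.example and all addresses are assumptions constructed for illustration; the resolver is injectable so the logic runs offline.

```python
import re
import socket
from collections import Counter

# Assumed flow-record format (constructed): "src=<ip> dst=<ip> dport=<port>"
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_lookup(name):
    """Default resolver: a DNSBL returns an A record only when the IP is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def triage(flow_lines, threshold, zone, is_listed=dns_lookup):
    """Count outbound port-25 connections per customer IP, then check only the
    IPs over the threshold against the blocklist, as the comment proposes."""
    counts = Counter()
    for line in flow_lines:
        m = FLOW_RE.search(line)
        if m and m.group(3) == "25":
            counts[m.group(1)] += 1
    decisions = {}
    for ip, n in counts.items():
        if n <= threshold:
            continue  # normal volume: no lookup, no action
        if is_listed(dnsbl_name(ip, zone)):
            decisions[ip] = "block-port-25-and-notify"
        else:
            # Busy but unlisted, e.g. a customer running their own mail server.
            decisions[ip] = "over-threshold-not-listed"
    return decisions

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_FLOWS = (
    ["src=192.0.2.10 dst=198.51.100.%d dport=25" % i for i in range(5)]
    + ["src=192.0.2.20 dst=198.51.100.%d dport=25" % i for i in range(4)]
    + ["src=192.0.2.30 dst=198.51.100.7 dport=25",
       "src=192.0.2.30 dst=198.51.100.8 dport=80"]
)
# Constructed stand-in for the blocklist's contents.
SAMPLE_LISTED = {"10.2.0.192.dnsbl.example"}

if __name__ == "__main__":
    result = triage(SAMPLE_FLOWS, 3, "dnsbl.example", SAMPLE_LISTED.__contains__)
    for ip, action in sorted(result.items()):
        print(ip, action)
```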
Sounds like a great plan to me! I don't like the idea of outright port blocking (customers are paying for IP access, right) but it's very easy to locate the suspicious hosts, which means that once the automated systems are in place they can easily add port restrictions.
:) Easy.
We can watch to see how effective this is by seeing how many of Comcast's IPs show up in real time spam blocklists. Take CBL and WPBL for instance, two of my favourite lists...
% grepcidr -c -e 68.80.0.0/13 1501
% grepcidr -c -e 68.80.0.0/13 351
Now we see if those numbers go down over time.
I would have no problem with my ISP blocking port 25 unless I specifically request it to be open. And I would sleep much better at night knowing that my mother isn't unknowingly spamming me and my closest 25 million friends. The stipulation is that it not cost me extra to be able to use port 25. And that the ISP's support staff not be morons.
That's a good one to ask AOL..
They've been blocking virtually anyone sending lots of mail towards them. You have to sign up for their feedback loop, then for their whitelist. In our case, we send a lot of mail to users, because they write to us asking questions. There's plenty of mail going back and forth, but none of it is spam. Most are written by humans, some are automated (You just completed this function, your tracking number is....). They've been doing hit and miss blocking just because they can. It's really annoying. They blocked my workstation because I sent out 4 messages to AOL users in the same day. {sigh}. For my workstation, it's not a big thing, I just changed the IP. But, it's more of a pain for servers.
It doesn't make a lot of sense. I've known spammers. They'll get multiple lines from multiple providers, and keep switching IPs and networks to keep from being blocked. It's all a big act just to make it look like they're being all progressive, even though they're really just annoying legitimate people. Kinda like the TSA.
One of our clients, with his own server and a completely opt in mailing list (like, you specifically have to ask to be on the list) was blocked. He spent hours on the phone with AOL, and got me in on a conference call with them. The support people I spoke with were completely dense. We gave up on any political approach, and just moved his mail server off to another network. He only has about 2000 people who receive his newsletter, and the people not getting it on AOL were actually complaining that they weren't getting them.
Hopefully Comcast will be more professional about it. I know Roadrunner (now Bright House Networks) were absolute dicks about it. They once disconnected my service because I had a DNS server running. I tried to explain to them that their DNS servers sucked (about 5 to 10 seconds to resolve any name). Instead of fixing their problem, they were busy blocking users. {sigh}
Serious? Seriousness is well above my pay grade.
... This is starting to worry me a little. I have been happily running my own mail server for over a year now. The reason being is that I want the ability to host all my own solutions and at the same time use the bandwidth I'm already paying for.
With wonderful dynamic DNS services like no-ip.org I am able to do this on any dynamic IP and I have no reason to worry about needing one of those pesky static IP addresses.
Hopefully if something were to happen where I'd start getting blocked I could just use my connections at work and contact their e-mail admins directly to resolve the issue. However this slash and burn tactic is just the wrong way to go about fighting spam. Hence one of the reasons I left Earthlink/Mindspring, who block e-mail from ALL Dynamic IP addresses and also block outbound port 25 on their networks.
You know that'll never happen.
All things considered, spam isn't the only problem out there. The ratio of junk to legitimate mail is about the same in my postal mailbox. I may get one letter or bill in, and the rest is junk.. Why aren't people screaming "We need to make laws.." "they need to be in jail.." etc, etc.. That won't happen because the post office turns a profit on it.
Most US bandwidth providers do a pretty decent job of trying to stop spam. Most have pretty strict standards, and will shut off a line for spam. I've been in on several of those actions, although not against me or my networks. It would be nice if all providers did that, but again, it probably won't happen. Many overseas companies make good money selling overpriced bandwidth to spammers. Think of it in business terms. If you're a [insert country here] provider, you can charge double or more for hosting and bandwidth to a spammer. You don't really have to answer to anyone but yourself, why not take the sale? Big spammers can use up some pretty substantial bandwidth, so it's worth it for them to sell to this customer. If I have the choice of barely paying my bills, or buying a new house and cars this year, I think the choice is obvious.
One of the magic questions is, who do you go after? Just a couple days ago, a site hosted on a network belonging to a friend of mine was the "source" of spam. I know they didn't do it, it had absolutely no relationship to them or what they did. So I got on the machines, and found the source. They had a feedback program that was fairly well written, but someone exploited a bug in it, to send out to a few thousand people before I stopped it. Should they throw this perfectly legitimate businessman in jail because someone managed to exploit something? I had to look at it a few times to figure out how they exploited it, the script was fairly well written.
Since plenty of the spam relates back to overseas sources, you'll never see them spending time in a US jail. Simply enough, you'd never see every government in the world agreeing on enforcement of any law, even an anti-spam law. In a lot of countries, it's rather difficult to even report the spam. What happens when you're trying to report it, and the support people don't speak English? And don't be so egotistical to say "they should all speak English", the universe or even the Internet doesn't revolve around America.
Serious? Seriousness is well above my pay grade.
If mail servers would start blocking all mail coming from dynamic IPs, they would block the vast majority of spam and block almost no legitimate mail. Yeah, I know that some folks running mail servers on dynamic IPs aren't going to like that, they can still send mail through their provider's mail servers. The arguments against blocking mail from dynamic IPs are pretty much the same as when people were arguing about open mail servers. This is just one more thing that spammers have ruined.
What legal use could a person possibly have for needing 3 gigs per day of bandwidth, out of curiosity? I peak when I download or significantly update my systems, but even that rarely goes over a couple of gigs, and that's certainly not an every day thing.
"I still don't understand how spam exists economically. I guess people are dumber than I thought:"
Hehe.
I know you're being funny here, but I think there is a general misconception that the people receiving spam actually have to buy stuff. The spammers are paid to get the messages out to x number of people. Their success is not dependent on the actual return rate on the advertising money. It will, however, affect reoccurring business.
To put it another way, I doubt that lack of customers will make the spam go away. I mean, geez, there are still N-Gage commercials on TV.
"Derp de derp."
How did they come to notice that you were running a DNS server anyway? Did they port scan you or something? And why didn't you just firewall it? It's not like requests from a caching nameserver look substantially different from requests from the local resolver.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They're not capping to prevent piracy, they're capping to reduce their costs. What do they care if you get busted for piracy?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And do you think Comcast finally took this step because they decided to stop their spamming users?
Hell no!
The only reason they got off their asses is because admins started wholesale blacklisting of their IP space and their customers started complaining.
Blacklisting WORKS! It's the only way to force these ISPs to be responsible.
If you're running content-based filtering, you're part of the problem. If you refuse SMTP traffic from confirmed spam sites, you are part of the solution.
Serving their own (popular) web page? Hosting a busy mailing list for some obscure interest? Doing both at once?
I'm sure Slashdot has put more than 3gigs load on some of the websites it has linked to. Many are hosted out of somebody's basement. (Ok, so that is a one-day load.)
Do you really have to be a business to need to send stuff to other people?
'Sensible' is a curse word.
Having worked at an ISP, I'm going to answer from the pov of an ISP (your mileage may vary):
Did you try to get TDC to make an exception for you? Some ISPs actually go out of their way to please their customers. They might customize their filters to let your SMTP traffic thru. Seeing how you are the exception, rather than the rule (not many people with PPP/ADSL run their own servers), this is not unreasonable. Heck, they might even give you a separate network and set up reverse DNS for you (your SMTP server should have it).
Does your TOS have anything to say about this? If your TOS say that you can't run a server (and given the nature of the internet and especially p2p traffic this might be semantic hair splitting), then you'll have to accommodate them. Maybe change to a service that will let you.
Of course, I know by personal experience that telcos (especially if they are the dominant one) can be pretty unreasonable, but you won't know until you try.
No sig