Slashdot Mirror
Comcast Gets Tough on Spam
WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDnet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.
How do you tell whether your machine is zombie spammer? Is running spybot enough?
And what if they make a mistake and block someone who just happens to send a lot of mail?
Is there a place to appeal?...as good as this could be, I think it's going to inconvenience a lot of people.
Now, if comcast would sell me a static IP address, I might care, but since they don't it's clearly not meant for servers. As long as I can come up with a way to get my mail out (presumably you could set up sendmail or another MTA to use smtp.comcast.net as a relay even though you need to authenticate to use it, but I've never looked into it) it doesn't seem like an issue to me.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I bet it would be a lot more effective to automatically open accounts with that port 25 blocked. If you want to use it, you give them a call and ask for it to be opened. I bet at least 95% of the spam being created is being created without the user knowing so closing port 25 won't affect them.
I don't know about the rest of you here, but since I use them as an ISP and run my own mail server, (exim on debian woody, and yes it's secure) I'm very, very glad that Comcast isn't blocking 25 for everyone.
Not only did they take effors to reduce spam, but for once, they actually listened to their own customers. Thanks Comcast.
Just put these dickhead spammers in jail for 5-10 years for causing so much disruption and cost to the world. I was reading a few days ago (and feel free to correct me/link to the URL) that spam causes ~$1,900 in lost productivity per employee, per year, in the US. THAT is absurd!
On a side note, people with virus infected machines will now notice they can't send email to their external SMTP servers, and call Comcast, which they will reply that you have a mass mailing internet worm, and you've been spamming thousands of messages a day. Due to your incompetence, we have turned off your external access, forever.
http://www.fsckin.com/
Hi, I received this spam from out of your network. I trust sending spam is in violation of your terms and conditions.
Please take appropriate measures.
I read recently that about 80% of spam is sent via hacked computers on broadband: http://www.sandvine.com/news/pr_detail.asp?ID=50
You might consider closing port 25 per default and only open it for customers who explicitly want to run their own mail servers.
Thanks,
"By blocking port 25, they say they cut Spam by 20% last week."
They're talking out of their asses. I have manually blacklisted their entire cablemodem space quite some time ago. Running a grep on the mail log files shows that this week I've already rejected approximately 20% more spam from Comcast than last week.
And the week ain't over yet. The log files rotate on Sundays.
I have concluded that Comcast is a lost cause. Damaged goods. The best thing to do is to blacklist their whole stinking sewer pit, and move on with your life.
Last year the company I'm working at experienced a massive DDoS attack mostly from Comcast hosts having open socks proxies. I think checking the customers for having such things could be effective also, not only against spam but hacking too. Having port 25 open does not mean that it's used for spam. Having a socks proxy world accessable, that's anything but acceptable IMO.
I used to work for an ISP. We blocked all outgoing Port 25 to keep our customers from relaying. We also blocked inbound at first, to keep out spammers. This ran into trouble quickly. Not only are there services that don't offer SMTP, there are some that insist you use an address at their domain on all outgoing. We had customers that either couldn't send at all, or not with our address because their broadband carrier wasn't accepting their messages. The way we fixed this, we put up an authenticating server. This way, if you ouldn't connect directly through us you still had one of our servers you could use. Worked just fine, and made a lot of people very happy. I doubt we had as many as 0.01% of our customers complain about this, mostly because they needed to send work mail from home and their company insisted that all mail with the company address went through their own servers.
Good, inexpensive web hosting
Before, I'd receive about a dozen spams a day, at least. I had started getting them right after i signed up for a PAYPAL account. In the past 2 days, i've received not one spam. Absolutely unreal.
For those who do operate home mail servers, why can't such people just configure their outgoing SMTP server to pass all outgoing mail through the ISP's SMTP server to get around such blocks, and therefore have a more "trustwrothy" and less likely to be blocked IP address in the headers?
"So the company is monitoring traffic and picking out machines that look suspicious."
Okay, isn't that what GMail is doing but to ADD a small advert, and everyone goes bonkers..
Comcast does it to 'stop spam' and they're a hero...?
Excuse me, I don't mean to impose, but I am the ocean
I send out on average about 15 emails/day. None of my email traffic goes through comcast's SMTP servers.
Assuming that this is about average, it would only take 46666.67 customers using non-comcast servers to reach this number.
The following is only antidotal, but...
I have set up the cable modems of at least 18 friends and family members. In general I have found that parents tend to use work email addresses most, AOL accouts second most, Hotmail/other free providers, and comcast addresses least. Kids tend to use either AOL or a free email provider more often than using a comcast address.
Thats comes to about 8 comcast addresses that are actualy used out of the 50 or so email accounts used by these friends and family.
I am suprised the number is not much higher.
Sorry, let me update those current number of comcast's IPs found in CBL and WPBL blocklists. There's a lot more than I thought. Comcast's netblocks are: 24.0.0.0/12, 67.160.0.0/12, 67.176.0.0/14, 67.180.0.0/15, 67.182.0.0/17, 67.182.128.0/18, 68.32.0.0/11, 68.80.0.0/13
CBL: 19897 (2% of entire list)
WPBL: 5199 (10% of entire list!)
Wow, that does look like comcast is responsible for a ton of the world's spam!
Filtering port 25 on dynamic IPs is the Right Thing To Do, I think that filtering port 25 from static IPs is a bit too drastic.
And even though they are not blocking port 25 for me, I've found that if I send from their network, a good portion of my email bounces because a lot of companies have all of comcast's network blacklisted.
I now relay my mail through another server and have no problems.
Need Free Juniper/NetScreen Support? JuniperForum
I generally don't like the idea of ISP's interfering with the network, but port 25 is the exception. I like the idea of them blocking 25 by default, but this plan of keeping an eye on their customers is the next best thing. Most people don't realize how much spam comes from broadband accounts. There is some legitimate mail, yes, but those people need to find a new way of life, because it's mostly spam. I use Sendmail at work, and realizing how things have changed on the spam front I updated my /etc/mail/access file so it now starts like this:
And it goes on, and on, and on, for well over a thousand lines. After implementing this I did some calculation and determined that I was blocking about 22% of our incoming mail. There have been some hiccups, but in general I'm really glad I did this. A few people have contacted me to complain that they can't send mail to my users, and I usually tell them to get a static IP address for their mail server or send through a designated relay. This inconvenience to cheap-o owners of SMTP servers with DHCP-assigned addresses has been a real shame, but my users have commented on how much less spam theiy've been getting recently. Blocking broadband users and using Spamcop have been a great combination. Perhaps one day if more ISPs follow Comcast we'll be able to trust those domains again.
I'm a comcast user and I thought you wouldn't let you get away with running anything that accepts inbound connections. Does this mean I can get away with openning up for inbound ssh?
My current ISP block all inbound port 25 to stop open relays. All it takes is an email and they'll unblock you, and put you on a list of servers that gets checked for open relays every couple of days (if you fail that check you have to have a damned good reason why they'll unblock you again).
It works really well, and I've never heard any complaints about it. It's a lot easier for them than doing things like traffic monitoring etc. as well.
1) What if I want to create a mailing list for a project that I (hypothetically) am making and host the e-mail server myself?
2) I have absolutely no idea what their virus filter du jour is. Nor do I have any influence on it. If it nukes a ZIP file that I was trying to send (or hoping to receive) then it's just bad luck I guess.
3) The performerance of smtp.mail.dk has been known to be abysmal at times... I wouldn't call it smart to force all e-mail to go through your server if it couldn't even handle the load when only some percentage of what your customers sent went through it earlier...
And I have to deal with this crud because some morons don't belong on the internet, aren't using a firewall and get infected with every single fscking e-mail "virus" [*] that is sent their way.
Not to mention how frustrating it was when my e-mail suddenly one day just stopped working.
[*]: Trojan of course. But noone ever seems to use the right terminology.
________
Entranced by anime since late summer 2001 and loving it ^_^
Basically some of the people probably do buy this stuff, they only need a miniscule number of customers to pay for this.
That number of people is probably much less than 1% of the recipients, but they are probably people that don't want to discuss their inadequacies face to face with other people. It is also these people that won't report a fraud to the police because they are too embarased to say what they tried to buy and too embarased to say they've been swindled.
Note the DO NOT REPLY TO THIS EMAIL ADDRESS. .005 cents.
The fax address could also be faked.
At 20 million addresses, that makes my eyeballs worth
I am insulted!
(some stuff deleted to avoid lameness filter)
EMAIL BLAST CAMPAIGNS
ARE YOU TOO BUSY TO SEND OUT YOUR EMAILS YOURSELF?
WHY NOT LET US DO IT FOR YOU?
HOW MANY WOULD YOU LIKE US TO BROADCAST FOR YOU?
PLEASE CHOOSE FORM THE FOLLOWING:
[ ] 5 Million ADDRESSES $400.00
[ ] 10 Million ADDRESSES $600.00
[ ] 20 Million ADDRESSES $1,000.00
[ ] 30 Million ADDRESSES $1,500.00
We use our own directory, so you do not need to pay one dime extra.
"69 percent of U.S. e-mail users have made purchases online, 59 percent have
Purchased in retail stores, 39 percent have purchased through catalogs,
34 percent through call centers and 20 percent through postal mail."
E-mail broadcasting is the simplest, fastest, and most effective way to
Communicate. Reach media messages, which invite recipients to respond live.
SEE HERE FOR DETAILS ON OUR CURRENT PROMOTIONS
No Software to Buy - Nothing to download
Lowest cost for broadcast - Guarantee!
E-Mail is a key component in maintaining contact with your customers!
Email Broadcasting
==DO NOT REPLY TO THIS EMAIL ADDRESS==
ONLY COMMUNICATE WITH US BY FAX
Fill out the Form below and fax it back to 1-240-371-0672
PLEASE PRINT OR TYPE CLEARLY BY CAPITAL LETTERS:
Name:
Country: City:
Telephone:
Email Address:
(REQUIRED)
{ } Information regarding the available forms of payment.
{ } If you need more information it is quicker for us and for you to Communicate through email:
To be removed from the database please follow this link, http://notinuse.biz/takeoff/takeoff.html
Headers:
Return-Path: kgbwascaeper@fri.uni-lj.si
Received: from 221.2.198.66 (221.2.198.66)
by mail01h.rapidsite.net (RS ver 1.0.94vs) with SMTP id 0-0164468140
for ; Sat, 12 Jun 2004 07:02:30 -0400 (EDT)
Received: from 248.113.104.192 by 221.2.198.66; Sat, 12 Jun 2004 17:56:23 +0600
Message-ID:
From: "Scot Swain"
Reply-To: "Scot Swain"
To: CENSORED
Subject: ARE YOU TOO BUSY TO SEND OUT YOUR EMAILS YOURSELF?
Date: Sat, 12 Jun 2004 08:02:23 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--263BC7F2E7F33859B"
X-Priority: 3
X-IP: 80.224.251.116
X-Loop-Detect:1
Status:
I, and many of my family member in other cable providers (whoever does Atlanta does the same thing) have had port 25 blocked. Took me awhile to figure out at first. Actually had to have a family membet telenet to blah:25 before i beleived what was happening.
The solution was to open up another port for SMTP access on our server.
This happened years ago, I never thought twice about it.
-Malakai
A Dragon Lives in my Garage
Has anyone noticed that email which passes through Comcast's servers is delayed for an amazing amount of time? I had a customer that I consult for miss deadlines (and consequently sales) because of mail that was sent at 0800 and got recieved at 2200 the next day. I'm not exaggerating.
Hearing this and playing around with it a bit, it became obvious that the mail was simply lounging around on Comcast's servers.
Now, of course, I can talk to their tech support until I'm blue in the face and ask them what's going on, but I'd like to take this chance to appeal to the Slashdot community, who usually have a much better understanding of these matters than the droids at the Comcast call center.
If you do a couple quick searches around dslreports and newsgroups and so on, you'll see that there are in fact many people who have the precise same issue, and have recieved no significant reply.
Are there any Comcast insiders who know why these emails float around in limbo for 24 hour periods?
I hope so. Before Cox blocked port 25, I started getting more and more bounces but Exim was still more reliable than Cox's SMTP server. Not being able to run a real mail server bothered me, but having to point my MTA at Cox's SMTP servers has been a real pain.
This inconvenience to cheap-o owners of SMTP servers with DHCP-assigned addresses has been a real shame ...
Do me a favor and tell Cox to get rid of their expensive and money losing DHCP infrastructure for their "always on" internet connection with a 1:1 IP to client ratio. I liked the static IP I got from AtHome and I paid for one from Cox when they started to charge for that "service". I dropped it when they wanted $70/month for service that was slower than DSL.
Friends don't help friends install M$ junk.
Have you thought about those that legally trade large music and video files?
I easily break 90gb a month on just unlicensed fansub anime. Not even counting listening to streaming mp3s.
Don't forget:
Gaming server
IRC server
multiple VNC server
Internet radio
PHPnuke boards
Popular Blog
Popular Webcomic comic
Not so popular flavor of Linux you made yourself
Internet phone
Being a camgirl
Seriously, is your imagination so limited that you can't think of another way you use up a lot of uploading bandwidth legally?
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Let's get in the business of assuming people to be criminals when they're not like us. Surely that'll be fun.
For a company that's "getting tough on spam", they don't seem too interested in implementing one of the more common measures to reduce it...
One of the servers that I administer is on Comcast. I just set up SPF records for that domain, and I "include comcast.net" because we send most of our stuff through their SMTP server. Now if only Comcast would set up their SPF records, we could comply to this lovely standard.
Sorry to take this opportunity to rant about one of my pet peeves...
I work at a small-to-middling isp, and we get almost daily reports from spamcop et al reporting one of our dsl customers. We're going to have to start blocking outgoing port 25 unless the customer requests it be unblocked simply in self-defense. It's a tiny, minute fraction that do actually run their own mail servers, and even they could still relay through our mail server. When SPF or something like it is widely deployed, then we'll be able to open things back up because few of these machines will be authorized mail servers.