Comcast Port 25 Blocks Result In Less Spam
Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses. Comcast's efforts are starting to pay off. They announced the amount of spam from their network has dropped 35 percent since they began port blocking and traffic estimates from SenderBase seem to confirm the claims. Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased'."
Here's the actual Ars Technica story that wasn't linked, but copied and pasted as the Slashdot story.
Something I've been wondering about though is SpamCop's yearly stats. Since April, spam reporting has been going down. Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled? I know on my mail server I've implemented some straight blacklist checks primarily using sbl-xbl.spamhaus.org and it's been working great with no false positives. Some spam still gets through, but SpamAssassin usually catches it with other checks.
Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?
I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.
- Greg
Start a happiness pandemic
I am with Comcast and for the last 2 days I can't get BitTorrent downloads at all. Does BitTorrent need port 25?
In the last few months I didn't have a problem btw, only the last few days.
Step 2 is to take these selfish bastards to court. They were clearly breaching the terms and conditions of their accounts, so proving a case against them won't take more than five minutes.
Once a few of these spammers have lost everything including the shirt on their backs then you'll see a serious drop in the number of people who think that spamming is a quick and easy path to riches.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
I suppose it's port 25 outgoing, right? The same one that Earthlink has blocked for ages. (not sure if they still do) The same one that won't let you send SMTP mail with a different domain even if you owned the domain name?
I understand it's for spam-fighting and they only go after the uber-offenders...but it's definitely something to watch for since the ability to send mail (through the domains of our choosing if we own it) should be a fundamental feature of an ISP.
Kudos to them for doing a good job of it -- my home Internet connection is through Comcast, and I haven't experienced any trouble sending mail to my own SMTP server on another network. They could so easily have just gone the "all SMTP traffic must go to our hosts" route, but they're doing it the right way instead. Nice to see.
this is grand and all, but i run my own mailserver (merely to get a 5gig inbox and the username i want), and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.
spammers aren't the only ones being blocked by spam prevention
It's a small price to pay for a wick3d screensaver.
Or 465. There are alternatives for sending authenticated and encrypted email to third party, non-ISP mail servers. We should work on grandfathering port 25 for mail senders and leave 25 only for server to server traffic.
I have a little mail-server on the end of my cable line for my domain which has three mail accounts on it. I always find it immensely frustrating that my mail server is on MAPS DUL list and people who subscribe to MAPS block my mail.
It's not been a big enough issue that I've installed SASL for my postfix server, but it would be nice to get off the list.
Stand Fast,
tjg.
Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased.
Seems as if we are *still on* an ATTBI network. I was originally an ATTBI subscriber, and the Comcast transition occurred many months ago. Interestingly enough, my rDNS still resolves to:
[ip].[state].client2.attbi.com
Seems awfully odd that this remains.. one would think, at least for the sake of the brand name, that this would be reporting comcast.net
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
Not only can you not read the article, you can't even read the story text.
Here, I'll help you:
"spam from their network has dropped 35 percent"
The important thing is HOW MANY OF THOSE 500 ARE FROM COMCAST'S NETWORK? Also, compare that to your rates of spam coming from Comcast's network 2 months ago.
Come on, how hard is it REALLY to read THE TEXT ON SLASHDOT?
The other way of looking at this is that despite the draconian measure of blocking port 25, 65% of spam is still getting through.
C minus. Must try harder
... To make up for the difference spammers are making their emails more offensive.
Now does the mail server "provided by your ISP" work? No, they block any IP not their own. Now if port 25 wasn't blocked you could use your own and avoid having to change the client setup.
I have exactly this problem and have to pay $10 / year to have access to a smtp server that will allow me to log-in from any IP.
Help fight continental drift.
1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.
2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".
Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!
Agile Artisans
Just a thought...send the list of IPs to abuse@comcast.net?
This is about normal
The unfortunate truth is that we have come to accept wholesale abuse of our collective inboxes as 'normal', SMTP is woefully inadequate, the next time saving technological advance will probably be the rediscovery of pen, paper and stamps.
Really! It looks like the equipment they provide now is pure junk. Before it was rock solid, now it goes down many times per day and the only solution is to pull the power connector.
But seriously, why has the spam from Comcast not fallen further? Is Comcast only running a trial on part of its network?
I'm still seeing lots of Comcast IP addresses blocked by using the XBL.spamhaus.net RBL -- how is it that Spamhaus is better at detecting these machines than Comcast?
The real "Libtards" are the Libertarians!
I take offense to this kind of thing. I live in northern Alberta, and my ISP, Telus, recently began blocking a wide range of ports, most of which I had previously noticed heavy worm activity on. So I must presume that is their rationale behind filtering these ports. But this worm activity didn't bother me, since I have my machine properly secured. It's none of my concern if some people don't. Now I feel as if I don't have a REAL TCP/IP connection to the internet. I have 65355 ports on my TCP/IP stack that I should be able to use, as I please. But I no longer can, because of this. I run an HTTP server as a testing ground for some of my web projects, and an FTP server so my friends can transfer files to and from my machine. And I'd like other people on the internet to be able to access these ports, since that's what the internet DOES. That's what it's for. If I wanted a private company to dictate how I could use my computer and my internet connection, I would be a regular Microsoft customer. Admittedly, this situation is a little different than the one in the article - since comcast only blocked port 25 of computers known to be transmitting spam. But the situation with Telus is a blanket filtering of these ports for all DSL users, which I completely disagree with, and it actually angers me. Now I have to find a new service provider, and believe me, this isn't easy in the small community where I live.
The results are truly staggering. I have cut the incoming spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages ... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client_restrictions is turned off for the abuse account.
I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
You're kidding, right? abuse@* don't pay attention to anyone but the FBI and RIAA. Sometimes not even the FBI.
"those IP addresses" - I hope they are blocking users and not IPs, because a lot of the offenders are probably on dynamic IPs....
Laboratree - Scientific collaboration based on OpenSocial.
I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.
Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since Monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and it's not even the weekend yet when the real flood of spam kicks in.
I could try to log it, but I got more important stuff to do. Like block wanadoo and verizon and swbell and roadrunner and adelphia and mindspring and hinet and all the other DSL providers in the world. I'm about ready to pull the plug on the mail server and just tell people to call me on the phone. E-mail is about useless any more.
And did you ever get any response from any ISP's abuse@ email? Seriously, I used to believe in that fairy tale too, but in the real world abuse@ emails either bounce or go to /dev/null.
It'd make much more sense to notify them or do a page redirect than to charge extra or shut 'em down. The odds are, if they're acting as a spam relay, their machines aren't patched, running a virus scan, a firewall, etc. So at the minimum, redirect them to a page with a comcast hosted online virus scanner & windows update. I know I'd suggest Ad-Aware & Spybot & a firewall, but if comcast tells you to use anything... they're stuck having to provide tech support when it screws up.
[Fuck Beta]
o0t!
I'm on Comcasts network, and I haven't had any problems sending email, and I'm not using their email servers. This seems to be an isolated policy perhaps?
I have a paid SpamCop account. I used to report everything, but it just takes too much time and the amount of spam continues to rise. I will not be renewing my SpamCop account once it expires next April.
I'm happier with using good spam filtering (Spam Assassin/Spam Sieve) and just ignoring the problem. I see much less spam this way, compared to looking at each and every spam I report.
Just in the last few minutes, and checking headers, the spam I received came from Sweden, Korea, and one from...drum roll...Comcast. But seriously, most of the spam is coming from not just the USA.
Pete Carr Owner Chatmag.com
Dear User,
your Internet Protocol number has been logged for legal purposes in accordance with our efforts to reduce the increasing amount of sexually abusive language on this site and to comply with the Rules Of Governance In Electronic Media as required by Californian law.
We are to inform you of the legal steps taken against the holder of mentioned number, which we hereby do.
Please refer to the Bureau Of The Attorney Of Los Angeles (CA) county to request your case number, as this message is generated electronically and we have no means to determine the case number at this moment.
Thank you.
I don't see the problem here. These machines have been *hijacked* so there should be no issue cutting them off from the internet if not for the internet's sake, then for the sake of the owner of the computer! I mean, if the machine has been compromised, there could be a keylogger running just as easily as a spambot program. Pull the damned thing off the internet and tell the user to fix their machine. If they don't know how to do this, charge them $20 for a technician to come out there and run adaware, S&D, etc...or offer to send them these programs on a CD through the mail or for pickup at the ISP office.
There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?
4. Is God the all-powerful and all-knowing Creator of the universe, and does he still rule it today?
What do you mean by "God"? Is it Good Orderly Direction? Is it the "God" that's in the Christian Bible? Is it the "God" that came from Finland and wrote an OS? Is it the God that comes in a wrapper of cellophane?
The term "God" is extremely vague. I suggest that you re-word your troll some, it might actually mean something.
Thanx.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
I'm a Comcast customer. I also run my own mail server, and have four separate domains receiving mail. But, I also know how SMTP is supposed to work, and have a fallback-mx-relay configured to send mail out through smtp.comcast.net if I can't send directly. In other words, no problems.
But, I got a warning letter from Comcast that they noticed me sending out too much mail, which I have taken up with their abuse department because they obviously don't check their logs.
Of the four domains I receive mail for, I receive over 3,000 pieces of email per day.
I also use ASSP (assp.sourceforge.net), and have ASSP set to forward every piece of SPAM to uce@ftc.gov.
Over 85% of all mail received is marked spam. That's over 2,000 pieces of spam that's automatically being forwarded to the FTC, and over Comcast's mail servers, and they're complaining!
Jesus. I'm actually doing something to help stop the problem.
If only T-1 lines were cheaper.
Compared to these measurements I made when Comcast first announced its strategy...
Looking at Comcast's IPs appearing on realtime blocklists, today:
CBL: 17132 (Comcast is 1.3% of CBL)
WPBL: 4779 (Comcast is 9.6% of WPBL)
Compared to the number of Comcast IPs that were spam sources two weeks ago (19897 and 5199) it does appear that there are fewer Comcast spam sources. However the overall proportion of Comcast IPs in the entire lists hasn't changed much (from 2% and 10%).
1. I couldn't keep up and my efforts didn't seem to make much difference.
2. SpamCop got stricter and a simple copy and paste from the Outlook Express headers stopped working. At the time I was using SpamCop I wasn't willing to switch email clients. Now Thunderbird is almost up to par with everything I need.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Yay! Now we are all forced to forward our mail through Comcast's SMTP server.
Actually, I have been sending all my mail through Comcast's SMTP server for a while now, because AOL blocks mail directly from my (semi-)dynamic IP address. So, if I want to send mail to AOL users (well, the rest of the family using the SMTP server), I have to send it through Comcast's slow-as-hell mail server.
When I send mail to Gmail, for example, directly from my server, it takes just a few seconds to appear in my inbox, but when I forward it through Comcast, it often takes an hour or more.
Now, this is not completely Comcast's fault, AOL is to blame as well. It really pisses me off that I lose the speed and privacy that comes with having my own SMTP server just because the big providers can't figure out any ways to deal with spam. Fun.
Andrew
They didn't block port 25 for everyone; only the people that were sending a crapload of spam.
What?
Some spammer decided to joe-job me. Very annoyed. At some point, my domain that they're spoofing mail from is going to get blacklisted -- not because mail is coming from it, but because it appears to be. I haven't seen any SpamCop reports or anything similar, but I've seen metric fucktonnes of Win32 worm messages coming into email addresses that have never existed at the same domain that's being joe-jobbed. I really need an antivirus solution built into sendmail. SpamAssassin works for 99% of my spam, but these god damn worms are driving me absolutely insane.
There isn't really all that much you can do about being joe-jobbed; 9 times out of 10 the "admins" for the zombified machine don't understand that I'm not the spammer, even though I received the bounce for the spam.
Anyone have any good results at trying to get a joe-job to stop?
da w00t. mtfnpy?
one of my friends has Comcast and he quit using his Comcast email because it was getting spammed big time before he had even used it for anything, so it's even worse for the users. They're not blocking port 25 within their own network, are they?
relays.ordb.org
bl.spamcop.net
list.dsbl.org
xbl.spamhaus.org
I've got all six of them running on my company's mail server. It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive. That way, I can whitelist the sender and sometimes help them if they have an open relay and didn't know it. I've had one false positive in the last year. That's for 50 users in my company, some of which post their email address everywhere and use it in Bonzi Buddy forms. ~90% of spam destined for valid mailboxes is blocked. Not bad considering it's free, easy to set up, and maintenance free.
-Lucas
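Here is how a DNSBL check like the one in the post above works, as an added example (not the poster's setup or any list operator's code): the client IP is reversed under the zone name, a 127/8 A record means "listed", and a zone that answers with anything else is treated as broken rather than as a hit. The resolver is a constructed stub and the zone retired.dnsbl.example is hypothetical; the four zone names are the ones quoted in the post.

```python
import ipaddress

# Zones named in the post above (it mentions six; these are the four quoted).
# No network lookups happen here: a resolver callable is injected, and the
# one used at the bottom is a constructed stub.
DNSBL_ZONES = ["relays.ordb.org", "bl.spamcop.net", "list.dsbl.org", "xbl.spamhaus.org"]
HIT_RANGE = ipaddress.ip_network("127.0.0.0/8")  # real DNSBL answers live in 127/8


def dnsbl_query_name(ip, zone):
    """Lookup name for a client IP: octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def interpret_answer(answers):
    """Split A records into real listings (127/8) and bogus answers.
    A bogus answer means a dead, wildcarded or hijacked zone; treating it
    as a hit would reject every sender, so it is reported separately."""
    listed, bogus = [], []
    for a in answers:
        (listed if ipaddress.ip_address(a) in HIT_RANGE else bogus).append(a)
    return listed, bogus


def check_client(ip, resolve, zones=DNSBL_ZONES):
    """resolve(name) -> list of A-record strings ([] for NXDOMAIN).
    Returns ("reject" | "accept", {zone: (status, answers)}); only a sane
    127/8 listing rejects, a broken zone is recorded but ignored."""
    details = {}
    for zone in zones:
        listed, bogus = interpret_answer(resolve(dnsbl_query_name(ip, zone)))
        if bogus:
            details[zone] = ("broken", bogus)
        elif listed:
            details[zone] = ("listed", listed)
        else:
            details[zone] = ("clean", [])
    decision = "reject" if any(s == "listed" for s, _ in details.values()) else "accept"
    return decision, details


def smtp_reply(ip, details, contact="<CONTACT PLACEHOLDER>"):
    """Rejection text in the spirit of the post: name the list(s) and tell a
    legitimate sender how to reach a human for whitelisting."""
    zones = [z for z, (s, _) in details.items() if s == "listed"]
    if not zones:
        return "250 OK"
    return ("554 5.7.1 Client %s is listed in %s; if this is an error contact %s"
            % (ip, ", ".join(zones), contact))


# Constructed stub resolver (RFC 5737 test addresses): 192.0.2.10 is listed on
# two zones, 198.51.100.7 is clean, and the hypothetical zone
# retired.dnsbl.example answers every query with a non-127/8 address.
_STUB = {
    "10.2.0.192.xbl.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
}


def stub_resolve(name):
    if name.endswith(".retired.dnsbl.example"):
        return ["192.0.2.1"]
    return _STUB.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        decision, details = check_client(ip, stub_resolve, DNSBL_ZONES + ["retired.dnsbl.example"])
        print(ip, decision, smtp_reply(ip, details))
```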
TCP/IP has 65535 ports (excluding port 0).
Being a subscriber to my local cable monopoly (Cablevision), I've enjoyed the reverse situation for several years.... namely, they block traffic going INTO port 25 on my machine. I can send out all the mail I want, but to receive mail directly, I have to have a friend on another network accept it (MX records don't yet allow port specifications... sigh), and then transfer it via fetchmail/ssh.
Note to Cablevision.... I still get lots of spam, it just sits on YOUR disk instead of mine... way to go guys!
Actually,
I got Hotmail to shut down an account that was sending me offensive email via their abuse@hotmail.com e-mail address.
-A
Cox has been doing this for years. Surprised the hell out of me when I couldn't use anything but Cox's SMTP server. Bloody brilliant.
Non impediti ratione cogitationus.
Cox blocks ALL outbound port 25 traffic unless it's going through their servers.
That aside, I find this to be a double edged sword. On one note, we see that spam is going bye-bye, on another... we're losing what the internet is. Completely open to all the world is what the internet became, but is no longer. Now we have ISP's dictating what ports we can use, and what we can't. Provided that this is a business and you're "buying" a service, it's generally nigh impossible for the average joe to just jump on the internet all by his lonesome without having to pay an arm and a leg for a dedicated, unbridled line... As such, there should be laws in place to protect what the internet is, yet give appropriate power to stop things like spam and kiddie porn.
I'm in the exact same boat. I use a laptop. I am on Telus' network during mornings and evenings, and during those times, access to port 25 is limited to one machine: smtp.telus.net. I *pay* for .Mac email (and webdav, and homepage) service, and they are denying me access to that service.
As soon as I leave home, and arrive at work, I connect my laptop to the local network there and, because they are not on Telus' network, I can no longer access smtp.telus.net. As a result, I have to edit my email application's SMTP settings twice a day simply to send email. This is NOT a solution. They provide no way to access smtp.telus.net from outside their network, even via authenticated connections. It's ridiculous.
I've contacted the other big ISP around here (though in the interests of being balanced, I'll leave it to you to do your own research) and they don't have this limitation. I'll be switching away from telus as soon as I get connected with my new ISP. I would suggest that other Telus customers complain (I did, and they sent me three essentially form mail responses amounting to "too bad") and hope they come up with a workable solution. If not, do what I'm doing and deny them your money.
Their customer service has been rated among the worst in BC, and my experiences confirm this. What a pain.
Oh wait, it's probably just down again.
Show me on the doll where his noodly appendage touched you.
I've said the same thing before, and it did seem to jinx my role accounts. abuse@ has been getting the crap spammed out of it lately on several domains I own.
Of course, I did put my abuse@ addresses in a very bad position: I use them in my domains' WHOIS records. I did this specifically on the logical presumption that spammers would automatically strip abuse@ off of their lists. Whoops.
I have also received spam SMTP envelope addressed to postmaster@ - and to add insult to injury, it appeared to have been part of a dictionary attack. (I've never listed postmaster@ for those domains anywhere that a spambot could pick it up.)
Listwashing of known active spamfighters aside, spammers truly don't seem to care what addresses they have on their lists. AFAIK, they typically get paid for how big those lists are (i.e., their scum clients pay them to "spam 27 million people" or whatnot). So there's no financial incentive at all for them to use clean lists: If it got sent, they got paid for it, even if it bounced from a non-existent address or went straight to an abuse@ role account. In their eyes, bigger lists are better lists with no other considerations.
Microsoft Windows is, fittingly, the official Desktop OS of Olig
No, Step 3 should be a re-education process that ideally would include a 2x4, a rat in a bucket, a red hot poker, a pair of pliers, and one of these.
(And see previous posters' comments about shock prods...)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
We have users log in using ports 465 & 995 and they have no other issues with sending/receiving their mail while on trips etc...
Might want to see if your ISP has something like that set up.
Comcast (hereby referred to as Spamcast) has ignored their massive spam problem for years now. Fortunately for me the solution was to firewall all of their dynamic space from my mail server.
Apparently Spews thought nuking the dynamic users wasn't enough, and blacklisted all of their dynamic space plus most of their corporate servers as well.
One of these days Spamcast will wake up and realize that a huge chunk of the internet has blackholed them. I only wonder how many months or years it will take for the clue to sink in.
Lawyers, MBA's, RIAA? A jedi fears not these things!
"Over 500 spam messages so far today on a domain I've had since the mid 90s. This is about normal and what I've come to expect at this point."
I'm disappointed. The gov't raised interest rates by half a percent, but my bank account is exactly the same as it was yesterday.
"Derp de derp."
A couple of years ago (2001?), Verizon had a five-day SMTP server outage. (I was a customer then.) No email got in or out. They were accepting email for 4 days of that five that was arriving from outside Verizon's network, but were then throwing the email away.
Moreover they had the policy that outgoing mail had to have the From: and Reply-To: addresses be verizon.net email addresses. Which meant that I could not use the email address that I've had for years, nor could my wife use her work email address.
Using the ISP's outgoing SMTP server only works if:
1) the server actually works
2) the ISP has things configured in a correct manner.
My only choices in this situation were to build my own mail server, or get a free webmail account somewhere. The ISP fell far short of what anyone could deem acceptable. Using the ISP's SMTP server is a good idea -- if the ISP knows what the hell they're doing. At that time, Verizon clearly didn't.
...carry this suitcase with you on the flight for me? I have an emergency and had to cancel, but the suitcase has my nephew's books for college? He will meet you at the next landing. You will? great! thanks!
~~~~ later on at the security gate~~~~
whoop whoop whoop! I'm sorry mrs. spammer, the machine has detected something in your carry on luggage, we'll have to inspect it.
ok
hmm, seems we have a kilo of heroin here, two grenades, a vial marked botulism, and some kiddie porn and what's this ?? NAIL CLIPPERS!!11
mrs. spammer -BUT I DIDN'T KNOW! I WAS JUST TRAVELING, AND THIS MAN ASKED ME TO CARRY A BAG FOR HIS NEPHEW IN COLLEGE AND...! IT'S NOT REALLY MINE, I AM INNOCENT! OHHHHH SOOOOO SINCERELY AND TRULY INNOCENT! REALLY! IT'S NOT MY FAULT, WAHHHH!
sorry ma'am, have to read you your rights. I guess you should have paid attention to what you were doing, you'll have to sort it out in court with the judge now. You know in today's world you have to *pay attention to what you are doing*, you can't *assume* anything. Traveling is not that hard, but there are some COMMON SENSE things that you should have been doing, like not taking strange packages from strangers, or assuming you know what's in something and..and....... etc etc
No reason this can't happen with compromised machines and their owners in some manner. They download the crap, refuse to use firewalls or antivirus, won't learn how to use a browser, just assume, assume, assume. They carry contraband from strangers, then other people get hurt. Tough love. Wake up call. Hello, this is the real world. They are doing it with downloaders of music, they can do it with people who get zombified because they lack common sense, refuse to get even a basic knowledge of what they are doing.. Make the users responsible in some form, not just blocking a port, make them actually responsible, maybe a few of them might wake up, see if they can do something different than just blindly trusting what Microsoft and the vendors sell them. Then, if a few thousand or tens of thousands go to court, they MIGHT just turn around, get even nastier lawyers, and sue the crap out of the perps who sold them the machines and software that came thoroughly pre-borked out of the box, the same smiling rich guys who told them to buy their products, and that they could then get on the internet no probs, and took their money for it.
My spam load has decreased DRASTICALLY in the last two to three weeks. I thought it was because my ISP had me offline for almost 2 weeks, and therefore 2 weeks of over 1000 SPAMs per day bouncing might have gotten me taken off of some lists.. that might have something to do with it.. but.. now I'm under 200 SPAMs a day.. I'll take an 80% reduction in SPAM anytime! (and I'd like another please!)
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
The company I work for provides an Email->SMS gateway. When we get complaints about delayed message delivery and check the Received headers on one of the emails we usually find they routed out from their Exchange server (!) via their ISP and the ISP decided to hold onto the email for a few hours.
This is why I run my own little mailserver at home. It does hardly any non-spam traffic, but at least I can check the logs and know that my email got through.
No, I did not read the f***ing article!
Who would have thunk?
read? I just look at the pictures. Oh wait we're not talking about the magazines under my mattress....
Now if only Comcast would stop all those cmd.exe Windows attacks I might actually be able to read my Apache access logs.
stendec@gmail.com
when I switched from Optimum Online to Comcast, I quit getting ANY spam at all. Obviously this is only talking about folks on their network sending.. but it's good that they are being proactive about blocking both incoming and outgoing.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
And this, fellow Slashdot readers, is what we call an "extremist."
Do you know that SpamCop has a "quick reporting" option (you have to ask to get it enabled for you)? With quick reporting, you only need to submit the spam via email and the source IP gets automatically reported (but no reporting of spamvertized web sites this way). This way you do not have to go to clicking through their web site, and the bl.spamcop.net still gets all the data.
See my post above.
See my response to the parent post.
Have you tried asking Comcast tech support about SMTP performance? I have Comcast broadband and most email takes a few seconds to receive at the most.
from a daily average of ~98 to 54
thanks comcast. you bastards.
Here's yesterday's comcast and attbi spam attempts from my mailserver logs:
11:17:30 1 SMTP-074(pcp03798560pcs.galitn01.tn.comcast.net) Return-Path '<vernon@seznam.cz>' rejected: routed to ERROR
11:17:37 1 SMTP-076(c-24-245-53-31.mn.client2.attbi.com) Return-Path '<inderpal@seznam.cz>' rejected: routed to ERROR
11:18:13 1 SMTP-083(pcp02218985pcs.echryh01.nj.comcast.net) Return-Path '<dain@t-online.de>' rejected: routed to ERROR
11:18:16 1 SMTP-084(c-24-5-18-39.client.comcast.net) Return-Path '<raffi@t-online.de>' rejected: routed to ERROR
11:18:48 1 SMTP-091(c-67-167-67-156.client.comcast.net) Return-Path '<trent@seznam.cz>' rejected: routed to ERROR
11:19:10 1 SMTP-094(h00095b8f289b.ne.client2.attbi.com) Return-Path '<dorit@t-online.de>' rejected: routed to ERROR
16:29:41 1 SMTP-130(c-24-15-176-110.client.comcast.net) Return-Path '<rakesh@t-online.de>' rejected: routed to ERROR
16:29:57 1 SMTP-133(c-66-176-92-94.se.client2.attbi.com) Return-Path '<kuo-juey@seznam.cz>' rejected: routed to ERROR
16:30:13 1 SMTP-135(c-24-8-29-151.client.comcast.net) Return-Path '<shih@seznam.cz>' rejected: routed to ERROR
16:30:22 1 SMTP-136(c-24-126-93-71.we.client2.attbi.com) Return-Path '<eleni@t-online.de>' rejected: routed to ERROR
16:31:04 1 SMTP-143(c-67-166-120-177.client.comcast.net) Return-Path '<axel@seznam.cz>' rejected: routed to ERROR
16:31:10 1 SMTP-144(c-24-5-242-4.client.comcast.net) Return-Path '<julia@t-online.de>' rejected: routed to ERROR
16:31:13 1 SMTP-145(c-24-5-194-85.client.comcast.net) Return-Path '<farhad@seznam.cz>' rejected: routed to ERROR
16:31:16 1 SMTP-146(c-67-173-26-207.client.comcast.net) Return-Path '<alun@seznam.cz>' rejected: routed to ERROR
16:31:44 1 SMTP-149(c-67-163-74-4.client.comcast.net) Return-Path '<kyra@seznam.cz>' rejected: routed to ERROR
16:32:28 1 SMTP-155(c-24-12-225-17.client.comcast.net) Return-Path '<amy@seznam.cz>' rejected: routed to ERROR
16:32:48 1 SMTP-157(h00e0183d6b85.ne.client2.attbi.com) Return-Path '<leison@seznam.cz>' rejected: routed to ERROR
This is but a fraction of the spam attempts I see on my server-- they are nearly all from zombied home Windows machines sitting on broadband. They show up in the logs in several clumps of nearly-simultaneous attempts, so it's obvious they are all under the control of a small group of spammers. The next step Comcast makes should be to monitor inbound traffic to the zombied machines on their network... theoretically they should be able to locate the controlling entity by detecting the shitload of inbound traffic to their client IP ranges from a single source.
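The post above reads its rejection log by eye; as an added example (not the poster's tooling), here is the same analysis as code: it parses that log format, counts rejections by the client's rDNS zone and by the forged envelope-sender domain, and clusters attempts that land within a couple of minutes of each other, which is what makes the "clumps" visible. The 17 lines quoted in the post are embedded as the sample input; the log format and the 120-second gap threshold are assumptions.

```python
import re
from collections import Counter

# Sample input: the rejected-connection lines quoted in the post above,
# embedded verbatim so the example runs offline (all from one day, so
# plain time-of-day is enough; a real run would carry the date too).
SAMPLE_LOG = """\
11:17:30 1 SMTP-074(pcp03798560pcs.galitn01.tn.comcast.net) Return-Path '<vernon@seznam.cz>' rejected: routed to ERROR
11:17:37 1 SMTP-076(c-24-245-53-31.mn.client2.attbi.com) Return-Path '<inderpal@seznam.cz>' rejected: routed to ERROR
11:18:13 1 SMTP-083(pcp02218985pcs.echryh01.nj.comcast.net) Return-Path '<dain@t-online.de>' rejected: routed to ERROR
11:18:16 1 SMTP-084(c-24-5-18-39.client.comcast.net) Return-Path '<raffi@t-online.de>' rejected: routed to ERROR
11:18:48 1 SMTP-091(c-67-167-67-156.client.comcast.net) Return-Path '<trent@seznam.cz>' rejected: routed to ERROR
11:19:10 1 SMTP-094(h00095b8f289b.ne.client2.attbi.com) Return-Path '<dorit@t-online.de>' rejected: routed to ERROR
16:29:41 1 SMTP-130(c-24-15-176-110.client.comcast.net) Return-Path '<rakesh@t-online.de>' rejected: routed to ERROR
16:29:57 1 SMTP-133(c-66-176-92-94.se.client2.attbi.com) Return-Path '<kuo-juey@seznam.cz>' rejected: routed to ERROR
16:30:13 1 SMTP-135(c-24-8-29-151.client.comcast.net) Return-Path '<shih@seznam.cz>' rejected: routed to ERROR
16:30:22 1 SMTP-136(c-24-126-93-71.we.client2.attbi.com) Return-Path '<eleni@t-online.de>' rejected: routed to ERROR
16:31:04 1 SMTP-143(c-67-166-120-177.client.comcast.net) Return-Path '<axel@seznam.cz>' rejected: routed to ERROR
16:31:10 1 SMTP-144(c-24-5-242-4.client.comcast.net) Return-Path '<julia@t-online.de>' rejected: routed to ERROR
16:31:13 1 SMTP-145(c-24-5-194-85.client.comcast.net) Return-Path '<farhad@seznam.cz>' rejected: routed to ERROR
16:31:16 1 SMTP-146(c-67-173-26-207.client.comcast.net) Return-Path '<alun@seznam.cz>' rejected: routed to ERROR
16:31:44 1 SMTP-149(c-67-163-74-4.client.comcast.net) Return-Path '<kyra@seznam.cz>' rejected: routed to ERROR
16:32:28 1 SMTP-155(c-24-12-225-17.client.comcast.net) Return-Path '<amy@seznam.cz>' rejected: routed to ERROR
16:32:48 1 SMTP-157(h00e0183d6b85.ne.client2.attbi.com) Return-Path '<leison@seznam.cz>' rejected: routed to ERROR
"""

# Assumed line format, inferred from the lines above.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) \d+ SMTP-(?P<session>\d+)"
    r"\((?P<client>[^)]+)\) Return-Path '<(?P<sender>[^>]*)>' rejected: (?P<reason>.+)$"
)


def parse_line(line):
    """One log line -> dict, or None if it is not a rejection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    h, mnt, s = (int(x) for x in ev["time"].split(":"))
    ev["seconds"] = h * 3600 + mnt * 60 + s
    # Last two labels of the client's rDNS name: comcast.net, attbi.com, ...
    ev["client_zone"] = ".".join(ev["client"].lower().rsplit(".", 2)[-2:])
    # Envelope-sender domain; an empty sender (<>) is a bounce
    ev["sender_domain"] = ev["sender"].rpartition("@")[2].lower() or "<>"
    return ev


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def find_bursts(events, max_gap=120, min_clients=3):
    """Cluster attempts whose timestamps fall within max_gap seconds of the
    previous one. A cluster spread over several distinct client hosts is the
    'clump of nearly-simultaneous attempts' the post describes: one controller
    driving many zombies, rather than one misbehaving host."""
    events = sorted(events, key=lambda e: e["seconds"])
    clusters, current = [], []
    for ev in events:
        if current and ev["seconds"] - current[-1]["seconds"] > max_gap:
            clusters.append(current)
            current = []
        current.append(ev)
    if current:
        clusters.append(current)
    out = []
    for c in clusters:
        clients = {ev["client"] for ev in c}
        if len(clients) >= min_clients:
            out.append({"start": c[0]["time"], "end": c[-1]["time"],
                        "attempts": len(c), "distinct_clients": len(clients),
                        "sender_domains": sorted({ev["sender_domain"] for ev in c})})
    return out


def summarize(text):
    events = parse_log(text)
    return {
        "total": len(events),
        "by_client_zone": Counter(ev["client_zone"] for ev in events),
        "by_sender_domain": Counter(ev["sender_domain"] for ev in events),
        "bursts": find_bursts(events),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s["total"], "rejections")
    for zone, n in s["by_client_zone"].most_common():
        print("%5d %s" % (n, zone))
    for b in s["bursts"]:
        print("burst %s-%s: %d attempts from %d hosts, forged sender domains %s"
              % (b["start"], b["end"], b["attempts"], b["distinct_clients"], b["sender_domains"]))
```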
...they do all the hard work for you, and if your company can afford it they could even pay them so you can do a zone xfer. That way you're blocking spam easily plus supporting a valuable organisation.
I am NaN
Did you read even the Slashdot blurb, let alone the article? They are blocking port 25 for computers that are apparently infected zombie hosts or spammers ONLY, not broad blocking of all port 25 from all customers. Assuming you aren't a spammer, this won't affect you.
Comcast _has_ found a way to deal with spam coming from their users. AOL is another matter (re: blocking incoming from comcast users), but maybe that will change now that Comcast is policing its network.
Why do we need the mediating storage anymore?
Why not move to use "instant messaging" methods of direct connectivity between the sender and recipient, and only falling back to server storage when necessary?
This allows for much better knowledge of successful/failed delivery.
It may move more control of message reception to the recipients, allowing them to implement extra protections. For example, requiring arbitrary/configurable amounts of computation on behalf of the sender to send them a message (increasing the cost of a message send) (unless of course the sender is on a white list of known correspondents).
Is any such transition feasible in the near future?
I hate to tell you this but the majority of internet users do not have 24/7 connectivity. Most are still on dial up.
Until prices come down and rural areas are better served, broadband is not going to be even remotely universal.
So they are just clamping down on the freeloading spammers.
I see no other logical explanation for that remaining 65%...
Oh well, what the hell...
The bottom line is that ALL responsible ISPs should be filtering port 25 traffic. This also stops the propagation of the majority of worms. It's a lot easier for those who want to run SMTP servers to request permission to have port 25 allowed, and otherwise block everyone else.
You can bet that Comcast has only done this in response to lots of responsible ISPs starting to wholesale-block all port 25 traffic from their IP space. RBLs continue to be not only the most effective method of stopping spam, but also the only effective method of forcing ISPs to control the rogue behavior of their users.
I checked my logs and worked out some stats and it actually does look like there is a decrease in spam from comcast.net! In the last four weeks I've received 14658, 14057, 12535, 12209 and so far this week 7765 spams from the dynamic comcast.net address spaces.
:-(
It was actually instructive to do some log analysis and it looks like there are spam zombies basically everywhere: pacbell.net, swbell.net, ameritech.net, tpnet.pl, wanadoo.nl, giga.net.tw, axelero.hu, tiscali.fr, tiscali.il, sympatico.ca, rr.com, verizon.net, charter.com, ocn.ne.jp, bbtec.net, bigpond.net.au, optonline.net, dion.ne.jp, hiway.net.tw, hinet.net, netvigator.com, hkcable.com.hk, maxonline.com.sg, t-dialin.net, supercable.es, alkimnet.net, hispeed.ch, netvision.net.il, netvisao.pt, home.nl, rima-tde.net, chello.nl, btopenworld.com, cox-internet.com, veloxzone.com.br, brasiltelecom.net.br, prod-infinitum.com.mx, telesp.net.br - just to name a few. These are in no particular order, just places that lots of spam from IPs with dsl, adsl or ppp in their rDNS arrived from. The list goes on and on and on.
I have written a little python script that does the job of confirming SPAM for me. I would have posted it here but the /. junk character filter was catching on the python syntax. ;-)
If anybody is interested I may publish it on a website.
"Is it friday yet?"
"It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive"
I hope you've set your mailserver to remove all attachments before bouncing them. If not, you are propagating viruses.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
No, just a mail admin that doesn't put up with spammy abusive networks. I am sick and tired of paying for the bandwidth and having spammers treat my mail server as their dumping ground for advertising, porn, viagra, 419's, viruses, you name it. My inbox stays damn clean anymore, and I like it that way. You're more than welcome to use hotmail or yahoo, or whatever, and get your inbox flooded with crap. My server, my rules, my firewall.
Lawyers, MBA's, RIAA? A jedi fears not these things!
It's easy. Bring back bang path e-mail addresses. No more problems tracing the sender.
Not a sentence!
Come on... just off the top of my head I can think of 4 ways to send mail if I am on the road somewhere and port 25 is blocked.
1) web mail (either set it up on one of your own servers or use aol/yahoo)
2) SSH into one of your shell accounts and send it from there via pine or even plain old mail.
3) Open a machine for relay at work or home... whichever is not blocked and send it through there. (Be sure to close the relay when you are done or the spammers will find it)
4) ssh worksshserver -L 2525:workmailserver:25 then point your mail program to send through localhost:2525
...disable your catchall-address on your 4 domains, and only set up the addresses you need. You will see that the rate of spam you get will drop.
Furthermore the overall traffic you cause on the net will drop also, because the spam will be blocked directly at the mailserver with a 550. The mail will not be transmitted at all.
There are at least a dozen other methods to block mail from entering a mailserver (given you really have admin rights on the MX of your domains). There is no need to forward 3000 mails a day to some unlucky bureaucrat.
Please see:
Greylisting - the next step in the spam-control war (generic)
Anti-UCE Cheat-Sheet (Postfix)
Security-Sage Anti-Spam Guide (Postfix)
Meme of the day: I browse "Disable Sigs: Checked". So should you.
How strange. After answering all those questions I instinctively continued with 'Oh mama mia mama mia, mama mia let me go, Beelzebub has a devil put aside for me!'
I wonder why that might be?
Real Daleks don't climb stairs - they level the building.
Well, as if there isn't enough that has already been said about the questionable practices of SPEWS, it seems like it bears repeating for this audience once again.
First off, they block entire ISPs instead of offending netblocks or IP addresses. This works nicely to "encourage" their customers to switch, thereby pressuring the ISP to switch. However, in many areas, there is only one viable ISP for a type of service or area of service. These customers are forced to deal with SPEWS blocking with the few places that do use it. On top of that, is it reasonable to ask people to be blocked for weeks at a time because of a small spammer that you have nothing to do with who got out of control for a few days?
Another one of SPEWS' rather unfortunate policies is their blocking of entire countries. I agree with SPEWS that some countries, namely many Asian and South American ones, have gotten very lax with spammers, however that is no justification to cut off an entire culture from everyone else at your own whim. That's downright wrong and it's racist.
As if that is bad enough, there is the story of when SPEWS came to a head with a rather large website, Something Awful, for whom it would cost a lot of money to move their servers and data over to new people (not to mention the increases in monthly cost it would incur to them that would probably shut them down or restrict them) in order to avoid being unfairly blacklisted by SPEWS' block on their ISP's IP range. This did not sit well with their users, who lodged a protest with SPEWS en masse. This resulted in a counter DDoS from SPEWS members, which is documented here and many other places. Do you want to support an organization that does this type of activity to people who disagree with them?
In my mind, SPEWS is no better than the spammers, and quite a few others agree with my sentiments.
Of course, most of the people using SPEWS don't ever have to receive emails of any importance from clients or customers. How would you explain to your customers that they have to switch ISPs to do business with you and expect to still have them as customers?
However, of the anti-spam groups, I happen to like SpamCop (there are other respectable ones, I just don't have any level of experience with them). They do a damned fine job of blocking spam very fast and I would recommend them in a heartbeat.
Don't forget sbl-xbl.spamhaus.org, it's a merger of the two blocklists and spamhaus.
:(
Pity my shitty antispam software only supports two rbls
ICQ has the delivery system you want... Messages to users who are logged in are delivered immediately. Messages to offline users are stored and delivered when the recipient logs in.
End of Line.
I've seen a 50% drop in spam recently
You can do that on a store-and-forward network too. Every mail server could require the computation of a challenge before accepting a message for storage.
Oh, and BTW, only a small minority has 24/7 connectivity (and I'm not even talking about third world countries!).
cpghost at Cordula's Web.
That's exactly the same argument people had against RBLs (Realtime Blackhole Lists): "Wholesale blocking of a complete machine is a lazy, destructive answer to the problem. It may stop the flow of spam in the short term, but it also seriously harms legitimate users of the machine."
I use relays.ordb.org, opm.blitzed.org, block.dnsbl.sorbs.net, zombie.dnsbl.sorbs.net, socks.dnsbl.sorbs.net, misc.dnsbl.sorbs.net, smtp.dnsbl.sorbs.net, web.dnsbl.sorbs.net and sbl.spamhaus.org on a VERY large mailserver and had 2 complaints in 2 years! For comparison: Every day 200.000 mails are being relayed through that system.
So I think if the automation isn't totally braindamaged, you can use them (RBLs) without harming innocent bystanders. Blocking ports in a network is technically EXACTLY the same thing as blocking IPs on a mailserver. Given a list of targets, you block a resource. See?
Heck, they could (and probably do) even use the same RBLs for the port-blocking.
The concern here is not that they DO block, but on what data source they block and for how long.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
In my opinion Comcast should use a similar system to cbl.abuseat.org. However, they should ensure that spam zombies cannot automatically remove themselves from the list. Perhaps removal should require the dialup password or something similar.
As for spam-blocking dynamic ips:
For all IPs in dialup RBLs, IPs without a reverse PTR and IPs with more than one digit in the hostname I use greylisting with a delay of 300 seconds.
This has served me equally well with a maximum efficiency.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
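The greylisting policy described in that comment (dialup RBL, missing reverse PTR, or more than one digit in the hostname, each earning a 300-second delay) looks like this in Python. This is an added example, not the commenter's configuration; DNSBL membership and PTR lookups are replaced by constructed tables so it runs offline, and the `Greylist` class, its `clock` parameter and the 250/450 return codes are assumptions modelled on how an MTA reports a temporary rejection.

```python
import re
import time

GREYLIST_DELAY = 300  # seconds, the delay the comment uses

# Constructed stand-ins for DNS data; a real deployment would query DNS.
DIALUP_RBL = {"10.0.0.7"}
PTR_TABLE = {
    "10.0.0.7": "ppp-7.dialup.example.net",
    "192.0.2.10": "c-192-0-2-10.client.example.net",
    "198.51.100.5": "mx.example.org",
    "203.0.113.9": "mail5.example.com",
}

def needs_greylist(ip):
    """The three tests from the comment: dialup RBL, no PTR, more than one digit."""
    if ip in DIALUP_RBL:
        return True
    host = PTR_TABLE.get(ip)
    if host is None:
        return True          # no reverse PTR at all
    return len(re.findall(r"\d", host)) > 1

class Greylist:
    """Remembers (client IP, sender, recipient) triplets and when each was first seen."""
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock   # injectable for testing
        self.seen = {}

    def check(self, ip, sender, recipient):
        """Return 250 to accept the message or 450 to ask the client to retry later."""
        if not needs_greylist(ip):
            return 250       # fixed, named hosts are not delayed
        key = (ip, sender.lower(), recipient.lower())
        now = self.clock()
        first = self.seen.setdefault(key, now)
        if now - first >= self.delay:
            return 250       # a real MTA queues and retries, so it gets through
        return 450           # temporary failure; spam zombies rarely retry

if __name__ == "__main__":
    g = Greylist()
    for ip in PTR_TABLE:
        print(ip, PTR_TABLE[ip], "->", g.check(ip, "a@example.org", "b@example.net"))
```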
I did not see any drop of traffic today. I checked the logs and saw a 50% reduction in spam coming from comcast and attbi. I also saw a 50% increase of spam coming from t-ipconnect and others.
For me this didn't work.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
They're quite happy using their ISP's SMTP server to relay their messages, so "blocking port 25 is the end of the internet" is a bogus argument.
For the 1 or 2% of the users who really need access to external SMTP servers comcast could set up a "white list" to allow them such access.
In other words, what comcast is doing is firewalling on behalf of their users since most of them have no idea what a firewall is.
What ? Me, worry ?
I see all this pining for the "way the internet was". And I don't get it.
All the problems we're having are precisely _because_ of the open and unregulated way the Internet was. The Internet was designed on the assumption that everyone will be nice, stick to the RFCs religiously, etc. No one put much thought into the "well, what if they don't?" part. That's the worst design anti-pattern possible and the nemesis of security.
And unsurprisingly that shiny-happy-optimistic approach has failed again and again. E.g., it didn't even take _that_ long for someone to figure out that by intentionally not conforming to the RFCs they can syn-flood and crash a machine.
It's like preaching the ideal society where there are no laws, rules or authorities, and everyone can do whatever they please. It will be such an awesomely nice place, as long as everyone will be nice to each other. But they surely will, right?
Except it's not a realistic scenario.
A polar bear is a cartesian bear after a coordinate transform.
spfilter
Brings in all these, updated daily.
Talking to an SMTP server is easy. Don't believe me? Telnet to your ISP's smtp server (port 25, obviously) and send the bytes for "HELP". Poof, 99% of the time you'll get every command that server accepts. It doesn't take long to figure out how to use it, even if you are too lazy to read RFC 821 (start at "APPENDIX F" and I bet you're telnetting email via telnet in 30 seconds or less).
/. discussion deals with issues "underground" relays present, but just remember this -- the SMTP servers you're relaying to don't really care if you're sending from port 25. That's convention. You're likely to find SMTP at smtp.myisp.com's port 25, but it really doesn't make any difference, and even in some email clients it's an option to change.
But wait, were you telnetting *from* 25? Of course not. Yet, somehow, it still worked (likely only if your "rcpt to" entry had a local domain).
Malware can use any port it wants to relay from a zombie box to smtp.openSmtpRelay.com 25 as well.
Another thread on this
It's issues like those described in that thread that'll help ultimately bring down spam. Telling malware writers to use another port, which is all Comcast's doing, as others have pointed out, will just have ISPs blocking ports until there are no more ports to block.
It's all 0s and 1s. Or it's not.
And even those of us who do have 24/7 internet connectivity don't necessarily leave our computers on all that time (at least those of us who pay the electricity bill). It seems more efficient to leave email on a server used by a lot of people while I am asleep than for each user to run their own.
I am TheRaven on Soylent News
Less spam coming from Comcast but the same amount or more seems to be coming in. Most of it seems to be addressed to me and must have come from the sale of AOL addresses. Since anyone with an AIM address, which is probably most people, got their real email addresses sold to spammers I am sure we can count on our mailboxes being stuffed for some time to come.
They should really slam it to the person who stole the list from AOL. Tracing the list and going after the people who bought it would be a great idea as well. Until then thank god for Apple's Mail.app's Bayesian filtering!
A quick check of some of the other major US ISPs has shown similar reductions in outbound mail. Could it be that we're just in a lull and the pee-pee peddlers are just trying to come up with a new way to spell V|@gr@?
The world according to SComps
Why does anyone still use SMTP and mail readers? I cannot understand this at all. I have used Yahoo for years now, and I don't regret it in the least. I can check my e-mail from anywhere, their spam filters work like a champ, 2GB of space.
If the ISPs were smart, they would quit giving out e-mail addresses and shut down port 25 till you ask for it to be open. Businesses, corporations, etc aside, SMTP has been abused to the point where it would probably be better left for dead.
Flame on..
While it is difficult to argue with the results, if I can help it, I will never purchase Internet service from a company that arbitrarily blocks ports (especially ones that I may want to use... outbound port 25 being one).
When I buy Internet service, I want the whole Internet -- I don't want surprise ports blocked when my ISP thinks it's convenient. What's worse is that they typically don't inform users that the ports are blocked. You just have to figure that out.
At work, I have users who work at home and use dialup and broadband service from providers like Cox (cable), Comcast, and Earthlink. All of these providers block port 25 in at least a few regions. This is a major PITA, since I need company mail to come through company mail servers (various reasons, one being that many of these ISPs don't have particularly good SMTP service and I deal with calls like "X didn't get my email, what's up?"). I've set up service on a separate port, but it just adds one more configuration step for users who are already completely lost.
Again, I understand why ISP's are turning to this, and I can see the results, but it's still a lame policy. If I can help it, I won't buy Internet service (business or personal) from any company that blocks port 25.
-Turkey
... and then open it up for individual users on request. Anybody who knows enough to ask for a port to be opened for them is likely not going to have a problem with a spamming trojan anyway.
The point of having multiple spam bots sending your crap out is to increase the amount of crap you can send. If they are going around setting up SMTP relay bots, then the whole exercise is rather pointless, as the bandwidth is still all being shuffled through that relay.
Look at it like this:
With two computers, I've got twice the bandwidth as one computer, and so can send twice the spam.
But with one computer relaying through the other, the bandwidth of that computer is now irrelevant, everything has to go through the relay. Instead of having a relay, it's more efficient to just send the spam from the relay.
Relaying doesn't fix the problem for spammers. And your idea about originating ports is useless, because they're blocking based on destination port, not originating port. Nobody gives a shit about originating port, for almost any protocol. If you want to send spam to ISPs, then you have to connect to SMTP servers to send your spam to, and you have to connect on the port they use, which is port 25 by convention. You cannot work around that fact.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
First, as others have noted you appear to have not read the post. I'm not at home so I can't verify that it's *not* blocked for everyone, but I doubt that it is.
Second, unless you're running your own server and connecting directly to remote systems why use straight SMTP? If you're connecting to a SMTP server at a hosting company, see if they do (or will) support SSL encoded SMTP on port 465 - if you're using a hosting company's server you're probably authenticating as well, so this is also a way to avoid doing so over a clear channel. On the other hand, if you are running your own server and going direct you're probably having a fair percentage of your messages dropped as an increasing number of sites refuse to accept messages sent via direct connections from dialup or broadband ISP client addresses.
fencepost
just a little off
As someone's pointed out (and as I tried to submit 2 minutes after I posted; assumed it went through -- perhaps there's a spam filter on Slashdot where I can't post twice quickly? How ironic...), the port blocked is the destination port. I'm an idiot. The original post is BUNK.
As I tried to point out at 09:14, mod me down, I completely missed the point originally. Hope you enjoyed the RFC link. *sigh* I even previewed.
It's all 0s and 1s. Or it's not.
I actually don't mind their policy - it's a little annoying at first, but that goes away quickly.
By default, they block all outbound SMTP - it's just not available. It's easy to get it unblocked for your account - there's no charge, just get in touch with their tech support folks and it's a simple matter. There's only one catch - you can only get it opened up after you've been a customer for a month.
fencepost
just a little off
How about sharing the code with us?
stfu
Less spam isn't acceptable, the only answer is NONE.
You're absolutely right. If they can't completely stop spam, they shouldn't even try! In fact, they should send more spam, since less spam isn't acceptable!
NO CARRIER