Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Port 25 Blocks Result In Less Spam

Posted by timothy on from the choke-it-off dept.

Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses. Comcast's efforts are starting to pay off. They announced the amount of spam from their network has dropped 35 percent since they began port blocking and traffic estimates from SenderBase seem to confirm the claims. Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased'."

14 of 381 comments (clear)

  1. But For How Long? by gbulmash · · Score: 5, Insightful
    Those numbers are all really nice, but isn't this just putting one of those little dot band-aids on a stab wound? It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block? How long until new worms are traversing the net, creating worldwide bottlenecks, pinging out from newly zombied PCs to find the latest Windows vulnerability and install themselves?

    Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?

    I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.

    - Greg

    --
    Start a happiness pandemic
    1. Re:But For How Long? by Baron_Yam · · Score: 4, Insightful

      Which is why (some) Windows users learned to hide behind NAT or disable their Messenger service - because some spammers moved on from email to direct popups on the desktop.

  2. flipside by name773 · · Score: 4, Insightful

    this is grand and all, but i run my own mailserver (merely to get a 5gig inbox and the username i want), and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.
    spammers aren't the only ones being blocked by spam prevention

    1. Re:flipside by jfengel · · Score: 3, Insightful

      Many ISP mail servers refuse to relay mail. If neither the FROM nor the TO addresses belong to that server, they'll reject your message. That means you end up receiving mail on the ISP's mail server, and that completely obliterates the point of running your own mail server.

      The reason for that is obvious: it prevents the mail server from being used to relay spam. But it's also very frustrating if you want more flexbility and you're not a spammer. I don't know comcast's policy; perhaps they'll accept relaying from inside their network.

    2. Re:flipside by bourne · · Score: 4, Insightful

      Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

      I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.

      No, thanks. I prefer my mail without random 24-48 hour delays and invisibly dropped messages. That's not how mail is "supposed to work."

  3. Re:Good job on the cut and pase by JumperCable · · Score: 3, Insightful

    Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled?

    I know I have stopped reporting all my spam. It took too much time. Now I just target the ones that make it past my spam filters (OK, I have kind of given up on that too).

    But I have noticed a drop in spam recently. Maybe spammers are on spring break.

  4. Why just the port? by jarich · · Score: 4, Insightful
    I understand that these machines have been hijacked and the owners aren't at fault (unless you count negligence)... but all that being said...

    1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.

    2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".

    Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!

    --
    Agile Artisans
    1. Re:Why just the port? by cdavies · · Score: 4, Insightful
      The problem is, none of that is in the best commerical interests of comcast, so they won't do it.

      Actually contacting people costs money because a human has to pick up the phone. Terminating their service costs money for obvious reasons, and charging them for a dubious "service" is likely to get your customer angry at you and waste time and money in calls to your help line.

      In the short term, automated blocking and letting the user ride along is blissful ignorance is the only viable strategy. Isn't capitalism great?

  5. Re:OK, that's step 1... by stefanlasiewski · · Score: 4, Insightful

    Step 2 is finding the spammers, since it's likely that most of these spam machines are comprimised machines running windows, the machine's owners are probably oblivious that their home machine is sending Spam.

    Step 3 is take these selfish bastards to court.

    --
    "Can of worms? The can is open... the worms are everywhere."
  6. If anything I'm seeing more spam by csk_1975 · · Score: 3, Insightful

    I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.

    Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.

  7. Disable their Internet connection by mikeg22 · · Score: 5, Insightful

    I don't see the problem here. These machines have been *hijacked* so there should be no issue cutting them off from the internet if not for the internet's sake, than for the sake of the owner of the computer! I mean, if the machine has been comprimised, there could be a keylogger running just as easily as a spambot program. Pull the damned thing off the internet and tell the user to fix their machine. If they don't know how to do this, charge them $20 for a technician to come out there and run adaware, S&D, etc...or offer to send them these programs on a CD through the mail or for pickup at the ISP office.

    There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?

  8. Re:Good job on the cut and pase by Night+Goat · · Score: 4, Insightful

    I used to report spam more diligently than I do now. Nowadays my filtering does a pretty good job, and only occasionally when I am bored do I report spam. And I've given up on the Chinese spam. Those servers have admins who don't care. I used to think maybe it was the language barrier, but they must get enough e-mails with the word spam in them that it's got to be a word they recognize. So I think it's just people are reporting less spam.

  9. meanwhile, Comcast's SMTP server is slow as hell by adpowers · · Score: 4, Insightful

    Yay! Now we are all forced to forward our mail through Comcast's SMTP server.

    Actually, I have been sending all my mail through Comcast's SMTP server for a while now, because AOL blocks mail directly from my (semi-)dynamic IP address. So, if I want to send mail to AOL users (well, the rest of the family using the SMTP server), I have to send it through Comcast's slow-as-hell mail server.

    When I send mail to Gmail, for example, directly from my server, it takes just a few seconds to appear in my inbox, but when I forward it through Comcast, it often takes an hour or more.

    Now, this is not completely Comcast's fault, AOL is to blame as well. It really pisses me off that I lose the speed and privacy that comes with having my own SMTP server just because the big providers can't figure out any ways to deal with spam. Fun.

    Andrew

  10. ALL ISP's should be filtering port 25 by humankind · · Score: 3, Insightful

    The bottom line is that ALL responsible ISP's should be filtering port 25 traffic. This also stops the propagation of the majority of worms. It's a lot easier for those who want to run SMTP servers to request permission to have port 25 allowed, and otherwise block everyone else.

    You can bet that Comcast has only done this in response to lots of responsible ISPs starting to wholesale-block all port 25 traffic from their IP space. RBLs continue to be not only the most effective method of stopping spam, but also the only effective method of forcing ISPs to control the rogue behavior of their users.