Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Port 25 Blocks Result In Less Spam

Posted by timothy on from the choke-it-off dept.

Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses. Comcast's efforts are starting to pay off. They announced the amount of spam from their network has dropped 35 percent since they began port blocking and traffic estimates from SenderBase seem to confirm the claims. Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased'."

10 of 381 comments (clear)

  1. But For How Long? by gbulmash · · Score: 5, Insightful
    Those numbers are all really nice, but isn't this just putting one of those little dot band-aids on a stab wound? It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block? How long until new worms are traversing the net, creating worldwide bottlenecks, pinging out from newly zombied PCs to find the latest Windows vulnerability and install themselves?

    Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?

    I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.

    - Greg

    --
    Start a happiness pandemic
    1. Re:But For How Long? by Baron_Yam · · Score: 4, Insightful

      Which is why (some) Windows users learned to hide behind NAT or disable their Messenger service - because some spammers moved on from email to direct popups on the desktop.

  2. flipside by name773 · · Score: 4, Insightful

    this is grand and all, but i run my own mailserver (merely to get a 5gig inbox and the username i want), and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.
    spammers aren't the only ones being blocked by spam prevention

    1. Re:flipside by bourne · · Score: 4, Insightful

      Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

      I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.

      No, thanks. I prefer my mail without random 24-48 hour delays and invisibly dropped messages. That's not how mail is "supposed to work."

  3. Why just the port? by jarich · · Score: 4, Insightful
    I understand that these machines have been hijacked and the owners aren't at fault (unless you count negligence)... but all that being said...

    1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.

    2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".

    Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!

    --
    Agile Artisans
    1. Re:Why just the port? by cdavies · · Score: 4, Insightful
      The problem is, none of that is in the best commerical interests of comcast, so they won't do it.

      Actually contacting people costs money because a human has to pick up the phone. Terminating their service costs money for obvious reasons, and charging them for a dubious "service" is likely to get your customer angry at you and waste time and money in calls to your help line.

      In the short term, automated blocking and letting the user ride along is blissful ignorance is the only viable strategy. Isn't capitalism great?

  4. Re:OK, that's step 1... by stefanlasiewski · · Score: 4, Insightful

    Step 2 is finding the spammers, since it's likely that most of these spam machines are comprimised machines running windows, the machine's owners are probably oblivious that their home machine is sending Spam.

    Step 3 is take these selfish bastards to court.

    --
    "Can of worms? The can is open... the worms are everywhere."
  5. Disable their Internet connection by mikeg22 · · Score: 5, Insightful

    I don't see the problem here. These machines have been *hijacked* so there should be no issue cutting them off from the internet if not for the internet's sake, than for the sake of the owner of the computer! I mean, if the machine has been comprimised, there could be a keylogger running just as easily as a spambot program. Pull the damned thing off the internet and tell the user to fix their machine. If they don't know how to do this, charge them $20 for a technician to come out there and run adaware, S&D, etc...or offer to send them these programs on a CD through the mail or for pickup at the ISP office.

    There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?

  6. Re:Good job on the cut and pase by Night+Goat · · Score: 4, Insightful

    I used to report spam more diligently than I do now. Nowadays my filtering does a pretty good job, and only occasionally when I am bored do I report spam. And I've given up on the Chinese spam. Those servers have admins who don't care. I used to think maybe it was the language barrier, but they must get enough e-mails with the word spam in them that it's got to be a word they recognize. So I think it's just people are reporting less spam.

  7. meanwhile, Comcast's SMTP server is slow as hell by adpowers · · Score: 4, Insightful

    Yay! Now we are all forced to forward our mail through Comcast's SMTP server.

    Actually, I have been sending all my mail through Comcast's SMTP server for a while now, because AOL blocks mail directly from my (semi-)dynamic IP address. So, if I want to send mail to AOL users (well, the rest of the family using the SMTP server), I have to send it through Comcast's slow-as-hell mail server.

    When I send mail to Gmail, for example, directly from my server, it takes just a few seconds to appear in my inbox, but when I forward it through Comcast, it often takes an hour or more.

    Now, this is not completely Comcast's fault, AOL is to blame as well. It really pisses me off that I lose the speed and privacy that comes with having my own SMTP server just because the big providers can't figure out any ways to deal with spam. Fun.

    Andrew