Slashdot Mirror
Comcast Port 25 Blocks Result In Less Spam
Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from
their network, they decided to identify spammers and zombie relays on their
network and block
port 25 traffic from those IP addresses. Comcast's efforts are starting to
pay off. They announced the amount of spam from their network has dropped
35 percent since they began port blocking and
traffic estimates from SenderBase seem to confirm the claims. Spam coming
from Comcast subscribers who were formerly on AT&T networks also
seems to have decreased'."
Here's the actual Ars Technica story that wasn't linked, but copied and pasted as the Slashdot story.
Something I've been wondering about though is SpamCop's yearly stats. Since April, spam reporting has been going down. Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled? I know on my mail server I've implemented some straight blacklist checks primarily using sbl-xbl.spamhaus.org and it's been working great with no false positives. Some spam still gets through, but SpamAssassin usually catches it with other checks.
Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?
I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.
- Greg
Start a happiness pandemic
The problem is those machines aren't actually the spammer, they are comprimised machines that the spammer is controlling.
Although, it seems to me like it would be a nice project to send a Comcast truck around the neighborhood with a list of comprimised machines, armed with a laptop running an ethernet sniffer, then use that information to track down who's controlling the machines.
Only problem is that it probably leads to machines not within the reach of US-based subopaenas.
Gentoo Sucks
Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased.
Seems as as we are *still on* an ATTBI network. I was originally an ATTBI subscriber, and the Comcast transition occured many months ago. Interestingly enough, my rDNS still resolves to:
[ip].[state].client2.attbi.com
Seems awfully odd that this remais.. one would think, at least for the sake of the brandname, that this would be reporting comcast.net
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
The results are truly staggering. I have cut the incomimg spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages ... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client _restrictions is turned off for the abuse account.
I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
I don't see the problem here. These machines have been *hijacked* so there should be no issue cutting them off from the internet if not for the internet's sake, than for the sake of the owner of the computer! I mean, if the machine has been comprimised, there could be a keylogger running just as easily as a spambot program. Pull the damned thing off the internet and tell the user to fix their machine. If they don't know how to do this, charge them $20 for a technician to come out there and run adaware, S&D, etc...or offer to send them these programs on a CD through the mail or for pickup at the ISP office.
There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?
No, that is a problem. As a software developer, I frequently send large attachments to customers that have no other means of receiving them. Being forced to bottleneck ALL my mail through an ISPs mail server (with all the irritating limitations that entails) is simply unacceptable. Furthermore, I personally have Comcast and they were the reason I originally set up my own mail server: theirs was so unreliable that about 20% of my mail just never got through it. Supposedly they've improved that, but I still have my system set to try a direct connection first and only route through Comcast's SMTP server if the direct attempt fails.
Furthermore, given that the court system has decided that it is entirely okay for ISPs to read their customers' mail at will, I don't necessarily want my confidential emails passing through, and being logged by, their mail server. Perhaps you don't particularly care about that but many people do. Yes, I know they can monitor my IP traffic any time they wish, but there isn't any reason to make it easy for them by just stuffing my messages onto their hard disks.
Fortunately, at this point Comcast has not chosen to simply block all SMTP transfers, just those from known abusers, so I don't really have a problem with that (for now.) But I do think that reducing or eliminating the capability of the Internet is not the way to solve problems like this, because once ISPs get in the habit of limiting what we can do with the network we will be hard pressed to get back the freedom we have now. I like the fact that any computer on the Internet can connect to any other and communicate in ways defined by the users of those machines. That fundamentally egalitarian aspect of the Internet is what makes the network so useful (and so scary to certain powerful people.) Allowing those that provide our connectivity the power to pick and choose how we communicate is a bad precedent, and one that we will regret. It won't be long, mark my words, when Port 25 access is simply GONE for anyone but a big corporation or Internet provider, unless you want to pay a monthly "SMTP access charge" or something similar. There's already been talk of charging for access to specific types of connectivity. Imagine having to pay an extra $5.00/month "Instant Messaging access charge" for ICQ users, or a "mandated RIAA maintenance fee" for P2P. Keep the damn ports open, block those systems that cause problems, and let the rest of us use the Internet in ways that benefit us.
The higher the technology, the sharper that two-edged sword.
Comcast (hereby referred to as Spamcast) has ignored their massive spam problem for years now. Fortunately for me the solution was to firewall all of their dynamic space from my mail server.
Apparently Spews thought nuking the dynamic users wasnt enough, and blacklisted all of their dynamic space plus most of their corporate servers as well.
One of these days Spamcast will wake up and realize that a huge chunk of the internet has blackholed them. I only wonder how many months or years it will take for the clue to sink in.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I believe a home visit by a cattle-prod wielding Company Representative would also do the trick, and I'm sure myself and other recipients of offers such as "Increase Your Penis Size While Improving Your Search Engine Placings On Google" would willingly fund this if neccessary.
I don't know about you, but I have been responding to all the "Increase your Penis" ads, and now my wang is so big, I had to buy new pants. Thanks to all those guys in Africa, I have more money in my bank account than I could hope for. I used it to buy stocks based on tips that these guys have been sending me, and have doubled my money in a week every time. Of course, it doesn't really matter, because I am buying software for 80% off retail, get people sending me really cool screen savers for free, and refinanced my home at unheard of interest rates.
Now I'm getting tons of email from girls that want me to meet them and their coed girlfriends, so the new, bigger penis will come in handy. I even ordered some discount Viagra so I can keep it going all night. I think what really impressed them was my new university diploma, that I received for my lifelong accomplishments.
Gotta run, looks like someone just sent me a greeting card. Hope its one of the hot college chics. I still don't see what all the fuss is about...
Tequila: It's not just for breakfast anymore!
Do you know that SpamCop has a "quick reporting" option (you have to ask to get it enabled for you)? With quick reporting, you only need to submit the spam via email and the source IP gets automatically reported (but no reporting of spamvertized web sites this way). This way you do not have to go to clicking through their web site, and the bl.spamcop.net still gets all the data.