Slashdot Mirror


Spam Blacklist Targets Hijacked Telewest Customers

davidmcg writes "BBC.co.uk reports that UK cable firm Telewest has had almost one million email addresses blacklisted by an anti-spam firm. The Spam Prevention Early Warning System blacklisted the email addresses because a large number of the machines using them have been hijacked by spammers. Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."

14 of 337 comments

  1. Re:Spam prevention good for me. by ciscoguy01 · · Score: 4, Informative

    I think maybe spam is overrated.. with the right technology in place, it can be defeated. Although indiscriminate blacklisting by Orbs or whoever doesn't really help the situation :(

    Overrated? You have lots of people working on solving the spam problem for you. LOTS of effort goes into maintaining those blacklists your provider uses to provide an acceptable spam level for you, and you find it meets your needs.

    The only reason you think it might be overrated is that you are not realizing what an effort is being put forth for you.

    --
    .
  2. Re:easy fix for this crap by Anonymous Coward · · Score: 0, Informative

    Blocking port 25 would be cracking a nut with a hammer and also be totally ineffective...

    Do you know that spam trojans would never use port 25? Why? 'Cause some ISPs block port 25 already. Also it would never stop outgoing mail as no connections to mail servers originate from port 25!

    I'd suggest you get some background reading on SMTP and how it works

  3. Email Addresses? by Underholdning · · Score: 5, Informative

    Spews doesn't block email addresses. As a matter of fact, they don't block anything. Spews is a database of IP addresses.

    1. Re:Email Addresses? by frankie · · Score: 2, Informative
      No, getting off SPEWS is very easy.
      1. If you are the directly-listed ISP, you kick every single indicated spam source off your network, make the relevant DNS/Whois changes, and post these facts to NANA*. Assuming you are not a repeat offender, you should be removed within days or even hours.
      2. If you are a customer of the offending ISP, you either convince them to do #1 above, or leave them.
      3. There is no step 3. TINLC. TINS3.
      p.s. I am SPEWS
  4. Re:BBC news crawling, posting cache of site. by Sircus · · Score: 3, Informative

    Next time, if BBC News is "crawling", please look at your own link. BBC News is about as good as Google at staying up the whole time. A couple of extra visitors from SlashDot will get lost in the underflow.

    --
    PenguiNet: the (shareware) Windows SSH client
  5. Re:Hmph by aug24 · · Score: 4, Informative
    many isps block smtp or redirect port 25 to their own smarthosts

    This is true... my UK ISP, Nildram, simply blocks port 25 outbound for all machines unless certain conditions are met. Very few home users will have any need for this as they will use Nildram's mail server outbound, so only compromised machines which already run smtp services (and have previously passed the open proxy test) can become an issue - a tiny proportion.

    With simple solutions like these, this should be a non-newsworthy item. However, with useless bastards like TeleWest not bothering to do this and permitting unfettered port 25 outbound, it is newsworthy, if only for name-and-shame reasons. Assuming you live in the UK and give a shit, of course ;-)

    J.

    --
    You're only jealous cos the little penguins are talking to me.
  6. Should point out.... by Tehrasha · · Score: 5, Informative
    ..that no email addresses have been blacklisted.

    Telewest has had almost one million email addresses blacklisted by an anti-spam firm.

    SPEWS does not block email addresses, it lists IP addresses. It's up to admins who use SPEWS to decide whether or not to use the listing to block email coming from those IPs.

    If the users in those affected IPs use a legitimate email server, they can still send email to their heart's content. Only people running their own mail servers and direct-to-mx traffic would be affected.
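
Added example, not part of the original comment and not SPEWS's own code: how a receiving mail server consults an IP-based DNS blocklist and then applies its own policy, which is why relaying through an unlisted smarthost still works. The zone name `dnsbl.example`, the sample records, the addresses (documentation ranges) and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # hypothetical zone name, not a real blocklist

# Constructed records: one listed customer IP (documentation range).
SAMPLE_ZONE = {"7.2.0.192.dnsbl.example": "127.0.0.2"}

CUSTOMER_IP = "192.0.2.7"       # constructed: listed broadband address
SMARTHOST_IP = "198.51.100.25"  # constructed: ISP outbound mail server


def query_name(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_resolve(name):
    """Live lookup for real use; returns None on NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, resolve=SAMPLE_ZONE.get):
    """Listed means the zone answers with an address in 127.0.0.0/8."""
    answer = resolve(query_name(ip))
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")


def smtp_decision(peer_ip, policy="reject", resolve=SAMPLE_ZONE.get):
    """The list only answers; the receiving admin's policy decides."""
    if not is_listed(peer_ip, resolve):
        return "accept"
    return {"reject": "reject", "tag": "accept-and-tag", "ignore": "accept"}[policy]


if __name__ == "__main__":
    # Direct-to-MX from the listed address vs. relaying via the smarthost:
    # the receiver checks the IP of whoever connects to it.
    for peer in (CUSTOMER_IP, SMARTHOST_IP):
        for policy in ("reject", "tag", "ignore"):
            print(peer, policy, smtp_decision(peer, policy))
```

Pass `resolve=dns_resolve` to query a live zone instead of the constructed sample records.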

  7. Re:port 25 by nogginthenog · · Score: 2, Informative

    Telewest already block incoming (maybe outgoing) connections to Windows NetBIOS ports. It shouldn't be too hard for them to add port 25 too.

    I am a Telewest customer, but I do not use their mail services (MS Exchange!!!) so this would affect me. However, my email provider allows me to connect to an alternative port (IIRC 2525). I believe this is quite common. GMail uses some non-standard port too.

    BTW, Telewest is probably one of the best ISPs in the UK. Reasonably priced and they have no bandwidth caps, which unfortunately seems to be becoming the trend these days with UK ISPs.

  8. Re:Who actually uses SPEWS!? by zerbot · · Score: 2, Informative

    I have been around long enough to have some educated suspicions as to some people who might be running SPEWS. Only one of those people posts occasionally to nanae, and never about SPEWS. Few real admins have the time to post much, and I suspect that SPEWS is run as an adjunct to their normal duties as admins of mail servers. They probably started out trading information with each other, and eventually decided to make it public for others to use as long as it didn't land them in SLAPP suit land. The FAQ is quite clear. IP addresses are listed when 1) they emit spam that is received by those who run SPEWS, 2) they are advertised in spam received by those who run SPEWS, 3) they are likely to emit spam because they are under the control of the same entity that is permitting #1 or #2, and the spamming is continuing, or 4) they are likely to emit spam because they are under the control of someone associated with previous spam. SPEWS has most certainly reduced spam to me and to my customers who use it. Since the machines belong to me and my customers, we have the right to refuse email from anybody for any reason whatsoever.

  9. Re:Is blocking port 25 really useful? by Stephen+Williams · · Score: 4, Informative

    is it the fact that it has to send *to* port 25 that's getting blocked?

    Yeah, that's right. The source port is irrelevant.

    -Stephen

  10. Re:Who actually uses SPEWS!? by zerbot · · Score: 2, Informative

    Experience shows that if a provider has one spamming customer that they won't do anything about, then it won't take long before their spamming customers start to proliferate, as spammers clue in that they are a spam friendly provider and start to set up shop. Sometimes providers have moved legitimate customers out of their IPs and put spammers there because the spammers are willing to pay more money than the legitimate customers. They put legitimate customers on IPs that were spamming in order to cause deliberate collateral damage and direct the customer's ire at those who are trying to block spam. They lie about having cut spammers off, they lie about IPs being inhabited only by legitimate customers. There's no reason for a provider to keep even a single spamming customer, and if they balk at removing that customer, the lies and flimflam are almost certain to follow. SPEWS is an early warning system, and as such lists IPs that have an elevated risk of spamming, even if they haven't spammed yet. If you're not interested in an early warning system, don't use SPEWS. Me, I like it. Sorry about the whitespace, I'm just passing through (damn getting paged in the middle of the night and then twiddling thumbs while someone farts around trying to decide what they wanted you for).

  11. Re:Spam prevention good for me. by conteXXt · · Score: 2, Informative

    actually what he has done is a better deal.

    easydns (not his isp) is doing the mail filtering and relaying for him.

    so he pays for bandwidth, and pays for dns hosting + mail goodies.

    Bandwidth is only used for what gets by the filter.

    If you are hosting a domain for yourself this is a good way to keep the bandwidth costs down.

    --
    The truth about Led Zep should never be told on /. (Karma suicide ensues)
  12. Re:No serious admin should use spews bl by gorbachev · · Score: 3, Informative

    They are not randomly blocking. They have an escalation policy that expands the netblocks listed from just the spammers' IP addresses and netblocks to the whole ISP's netblocks, if the problems do not get resolved within a reasonable time period.

    I do agree one should be careful of choosing a blocklist to use. SPEWS is one of the most aggressive. It does not fit everyone's needs.

    SPEWS does not block whole of China. Only the network providers that do not act on spam complaints. Exactly like the SBL does.

    Next time before you insert your foot in your mouth, do some fact checking first.

    --
    In Soviet Russia, I ruled you
  13. Re:maybe they should not have ignored their proble by Tripster · · Score: 2, Informative

    I've had run-ins with SPEWS, they don't just list IP addresses that are spamming but will also list IPs only slightly associated with a spammer.

    Example, I had a long term hosting reselling client, he had sites relevant to the local area he lived in at the time, mostly some sites based around Oregon, etc and they were all perfectly legitimate sites. He had never relayed any spam via my servers.

    After a couple of years this fellow had taken to working with some of the big spammers, he was doing this elsewhere and I had absolutely zero knowledge of it as the account he had with us was still perfectly normal.

    One day I get a call from our NOC that one of our servers had been disconnected due to a SPEWS listing and they were going to terminate my server entirely. I was shocked, I had no idea why and they finally pointed me to the SPEWS listing on the newsgroups.

    What had happened was this person had used an email address on the domain he hosted with me as a contact for another domain he was using elsewhere, all of a sudden this made me "spam friendly" apparently.

    This person caused trouble on several of my servers also because of secondary DNS, SPEWS actually started listing my secondary DNS boxes because of this.

    I was quite pissed off because of all of this because my company had zero knowledge of what this client was doing elsewhere and we had nothing at all to do with any spam deliveries and yet we were branded guilty with little choice in booting the client and then begging SPEWS to delist us.

    Our TOS states we don't allow spam to generate from our clients nor do we allow it to generate elsewhere pointing towards their domain names hosted with us. It doesn't state we can dictate what they do elsewhere however and frankly we have no business knowing what our clients do elsewhere.

    It took two separate tries to fix this problem, we were delisted only to be relisted again later for the exact same thing and this was after we had completely removed the client from our servers. Our NOC had access to our server and I told them to look for themselves to see we had long since removed the client but had no control over what DNS servers they listed in their zone records, that was the issue the second time, our DNS servers still appearing in the zone records was enough apparently, even if we'd long since removed the domains and zones from our DNS.

    In short SPEWS caused hours of downtime for our clients due to a false accusation, we were never informed by anyone at SPEWS this client had ties elsewhere and we had never had any spam sent via our server.

    Quite honestly, had SPEWS been a local office I would have probably shown up with a baseball bat and beat some common sense into them for a while.

    SPEWS is one of the RBLs that will NOT be used on any mail server we have control over. They proved to us that they are very prone to overreaction. What really makes me mad is would they have listed AOL if the guy had used his AOL email address instead? How about Hotmail? Gmail? Doubtful.

    As I asked them, are they listing the guy's cable company? His utility providers? The restaurants he eats at?