Comcast Port 25 Blocks Result In Less Spam

Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses. Comcast's efforts are starting to pay off. They announced the amount of spam from their network has dropped 35 percent since they began port blocking and traffic estimates from SenderBase seem to confirm the claims. Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased'."

Good job on the cut and pase

[by Anonymous Coward]

Here's the actual Ars Technica story [arstechnica.com] that wasn't linked, but copied and pasted as the Slashdot story.

Something I've been wondering about though is SpamCop's yearly stats [cesmail.net]. Since April, spam reporting has been going down. Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled? I know on my mail server I've implemented some straight blacklist checks primarily using sbl-xbl.spamhaus.org [spamhaus.org] and it's been working great with no false positives. Some spam still gets through, but SpamAssassin usually catches it with other checks.

Re:Good job on the cut and pase

[JumperCable (673155)]

Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled?

I know I have stopped reporting all my spam. It took too much time. Now I just target the ones that make it past my spam filters (OK, I have kind of given up on that too).

But I have noticed a drop in spam recently. Maybe spammers are on spring break.

Re:Good job on the cut and pase

[thedillybar (677116)]

>I know I have stopped reporting all my spam. It took too much time.

I wrote a perl script that I can pipe to from pine. It does a quick check with whois.abuse.net and forwards it off. Soon I may be adding whois.arin.net checks as well as traceroutes to track down the abuse e-mail contact.

It's real easy to pipe 200 messages to a script everyday before you leave for the day...

Have you tried SpamCop's "quick reporting"?

[Alexey Nogin (10307)]

Do you know that SpamCop has a "quick reporting" option (you have to ask to get it enabled for you)? With quick reporting, you only need to submit the spam via email and the source IP gets automatically reported (but no reporting of spamvertized web sites this way). This way you do not have to go to clicking through their web site, and the bl.spamcop.net still gets all the data.

Re:Good job on the cut and pase

[silentbozo (542534)]

I think it's fewer people reporting spam. My spam count has increased (400+ a day), but I gave up reporting to SpamCop a number of months ago because I couldn't keep up. I emptied my held mail a few weeks ago, and had 6000+ messages on the system. I know SpamCop has been throwing away the older ones that I haven't gotten around to reporting/cleaning out, because I store a local copy of the mail going to SpamCop and I've archived WAY more than that...

Re:Good job on the cut and pase

[Night Goat (18437)]

I used to report spam more diligently than I do now. Nowadays my filtering does a pretty good job, and only occasionally when I am bored do I report spam. And I've given up on the Chinese spam. Those servers have admins who don't care. I used to think maybe it was the language barrier, but they must get enough e-mails with the word spam in them that it's got to be a word they recognize. So I think it's just people are reporting less spam.

Re:Good job on the cut and pase

[Pharmboy (216950)]

I used to report spam more diligently than I do now.

Same, but now I filter through and make sure I report all Comcast spam, since it may actually make a difference. I have definately seen a reduction in spam from comcast since the report. We receive many THOUSANDS of spam messages a day for less than two dozen email addresses over 2 domains. I don't even log virus hits anymore, they just delete. A couple hundred a day. I only report spam to known major ISPs. Over 97% of the traffic at our mail server is spam or viruses. Sad.

Regarding chinese/russian/korean spam, I just block several thousand class B IP blocks. Yes, this is not the best method, but then again, since I don't email anyone in China, etc, perhaps it is.

Also, any domain that sends spam, and doesn't have an abuse@ address is blacklisted instantly. Several small ISPs fit into this catagory. I will NOT fill out a form on a fucking web page to report spam. No abuse@, no access.

optonline and adelphia seem to be the worst about not responding to spam, and verizon is the WORST. God I hate them, for so many reasons. I have the least problems/repeats with spam from rr.com and aol.com, ironically.

But For How Long?

[gbulmash (688770)]

Those numbers are all really nice, but isn't this just putting one of those little dot band-aids on a stab wound? It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block? How long until new worms are traversing the net, creating worldwide bottlenecks, pinging out from newly zombied PCs to find the latest Windows vulnerability and install themselves?

Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?

I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.

- Greg

Re:But For How Long?

[rsmith-mac (639075)]

It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block?

They can't, that the beauty of it. Standard SMTP servers listen on port 25, as defined in the RFC; with port 25 blocked, it's simply not possible for spam zombies to talk to normal SMTP servers, period.

Re:But For How Long?

[Baron_Yam (643147)]

Which is why (some) Windows users learned to hide behind NAT or disable their Messenger service - because some spammers moved on from email to direct popups on the desktop.

Re:But For How Long?

[Sylver Dragon (445237)]

Let's just toss out an idea (poorly formed), but might work.
As each PC gets infected with the spambot, the first thing it does is try to contact a known SMTP server on the web. If it can get through, it sets up shop as normal, and opens up another port, lets call it port 12345 for now.
Now, if the spambot cannot contact the chosen SMTP server(might even go through a list of them), it starts scanning the internet for any IP listening on port 12345. If it finds an system operating on port 12345, it sends

Re:But For How Long?

[by Anonymous Coward]

It's not access to your machine's port 25 that is blocked. It is access from your machine to port 25 on other systems.

Re:But For How Long?

[MntlChaos (602380)]

You misunderstand. They block connections from their network to port 25 on any machine except their mail servers. Thus any slave computers can't send out e-mail without it hopping past their servers (and likely a quick phone-call from their abuse department).

Re:But For How Long?

[gbulmash (688770)]

"spam spurting from their digital arteries"? Are you saying spam is the fluid of life, without which comcast will not survive?

A few months ago, I had a bad staph infection in the groin. One morning, as I walked into the bathroom, a portion of it burst. Suddenly the bathroom floor was splattered, a puddle of blood and pus at my feet, more of it dribbling down my leg.

For the next week, I had to pack the area with fresh gauze 2-3 times a day, the used packing coming away from the wound tinted a sickly melange of yellowish-green and red.

That's more what I was thinking.

- Greg

P.S.: True story.

Re:But For How Long?

[FlyingOrca (747207)]

OK, I've got the mod points, now where's "-1, Too Informative"? ;-p

OK, that's step 1...

[WIAKywbfatw (307557)]

Step 2 is to take these selfish bastards to court. They were clearly breaching the terms and conditions of their accounts, so proving a case against them won't take more than five minutes.

Once a few of these spammers have lost everything including the shirt on their backs then you'll see a serious drop in the number of people who think that spamming is a quick and easy path to riches.

Re:OK, that's step 1...

[cmowire (254489)]

The problem is those machines aren't actually the spammer, they are comprimised machines that the spammer is controlling.

Although, it seems to me like it would be a nice project to send a Comcast truck around the neighborhood with a list of comprimised machines, armed with a laptop running an ethernet sniffer, then use that information to track down who's controlling the machines.

Only problem is that it probably leads to machines not within the reach of US-based subopaenas.

Re:OK, that's step 1...

[AKnightCowboy (608632)]

The problem is those machines aren't actually the spammer, they are comprimised machines that the spammer is controlling.

Why would a legitimate businessman in the bulk e-mail industry use hacked machines? That'd be clearly illegal. Oh that's right, sometimes I forget, they're fucking scumbag criminals who would steal their parents' social security checks if they could get away with it.

Re:OK, that's step 1...

[stefanlasiewski (63134)]

Step 2 is finding the spammers, since it's likely that most of these spam machines are comprimised machines running windows, the machine's owners are probably oblivious that their home machine is sending Spam.

Step 3 is take these selfish bastards to court.

Incoming or outgoing 25?

[by Anonymous Coward]

I suppose it's port 25 outgoing, right? The same one that Earthlink has blocked for ages. (not sure if they still do) The same one that won't let you send SMTP mail with a different domain even if you owned the domain name?

I understand it's for spam-fighting and they only go after the uber-offenders...but it's definitely something to watch for since the ability to send mail (through the domains of our choosing if we own it) should be a fundamental feature of an ISP.

Re:Incoming or outgoing 25?

[ScrewMaster (602015)]

No, that is a problem. As a software developer, I frequently send large attachments to customers that have no other means of receiving them. Being forced to bottleneck ALL my mail through an ISPs mail server (with all the irritating limitations that entails) is simply unacceptable. Furthermore, I personally have Comcast and they were the reason I originally set up my own mail server: theirs was so unreliable that about 20% of my mail just never got through it. Supposedly they've improved that, but I still have my system set to try a direct connection first and only route through Comcast's SMTP server if the direct attempt fails.

Furthermore, given that the court system has decided that it is entirely okay for ISPs to read their customers' mail at will, I don't necessarily want my confidential emails passing through, and being logged by, their mail server. Perhaps you don't particularly care about that but many people do. Yes, I know they can monitor my IP traffic any time they wish, but there isn't any reason to make it easy for them by just stuffing my messages onto their hard disks.

Fortunately, at this point Comcast has not chosen to simply block all SMTP transfers, just those from known abusers, so I don't really have a problem with that (for now.) But I do think that reducing or eliminating the capability of the Internet is not the way to solve problems like this, because once ISPs get in the habit of limiting what we can do with the network we will be hard pressed to get back the freedom we have now. I like the fact that any computer on the Internet can connect to any other and communicate in ways defined by the users of those machines. That fundamentally egalitarian aspect of the Internet is what makes the network so useful (and so scary to certain powerful people.) Allowing those that provide our connectivity the power to pick and choose how we communicate is a bad precedent, and one that we will regret. It won't be long, mark my words, when Port 25 access is simply GONE for anyone but a big corporation or Internet provider, unless you want to pay a monthly "SMTP access charge" or something similar. There's already been talk of charging for access to specific types of connectivity. Imagine having to pay an extra $5.00/month "Instant Messaging access charge" for ICQ users, or a "mandated RIAA maintenance fee" for P2P. Keep the damn ports open, block those systems that cause problems, and let the rest of us use the Internet in ways that benefit us.

A big dent

[koreth (409849)]

I noticed a big drop in the daily message traffic to my mail server (which receives about 85% spam, last I checked) around the time Comcast put their policy in place. It seems like about a 25-30% drop in overall message traffic, which is in line with the numbers they quote.

Kudos to them for doing a good job of it -- my home Internet connection is through Comcast, and I haven't experienced any trouble sending mail to my own SMTP server on another network. They could so easily have just gone the "all SMTP traffic must go to our hosts" route, but they're doing it the right way instead. Nice to see.

flipside

[name773 (696972)]

this is grand and all, but i run my own mailserver (merely to get a 5gig inbox and the username i want), and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.
spammers aren't the only ones being blocked by spam prevention

Re:flipside

[prockcore (543967)]

and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.

Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.

Re:flipside

[jfengel (409917)]

Many ISP mail servers refuse to relay mail. If neither the FROM nor the TO addresses belong to that server, they'll reject your message. That means you end up receiving mail on the ISP's mail server, and that completely obliterates the point of running your own mail server.

The reason for that is obvious: it prevents the mail server from being used to relay spam. But it's also very frustrating if you want more flexbility and you're not a spammer. I don't know comcast's policy; perhaps they'll accept relaying from inside their network.

Re:flipside

[bourne (539955)]

Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.

No, thanks. I prefer my mail without random 24-48 hour delays and invisibly dropped messages. That's not how mail is "supposed to work."

Re:flipside

[Some Dumbass... (192298)]

No, thanks. I prefer my mail without random 24-48 hour delays and invisibly dropped messages. That's not how mail is "supposed to work."

You mean that's not how _e-mail_ is supposed to work. I'm pretty sure that's exactly how regular old _mail_ is supposed to work, and the postal service is doing a great job of implementing that system, thank you.

Re:flipside

[batkiwi (137781)]

Look into "smarthost." Every MTA I know of supports it, and it's the proper way to do it.

Lost Port 25 traffic

[by Anonymous Coward]

It's a small price to pay for a wick3d screensaver.

Now can we get un-blackholed?

[tjgrant (108530)]

I have a little mail-server on the end of my cable line for my domain which has three mail accounts on it. I always find it immensely frustrating that my mail server is on MAPS DUL list and people who subscribe to MAPS block my mail.

It's not been a big enough issue that I've installed SASL for my postfix server, but it would be nice to get off the list.

Re:Now can we get un-blackholed?

[paitre (32242)]

Very, _VERY_ unlikely.

One of the tactics that pretty much -all- DNSBLs (and even some ISPs wholesale - like Comcast, incidentally) is to simply not receive email from dial-up type networks. Comcast's consumer-level cable modem service really is no better than dial-up service from a certain point of view (ie. every j6p is able to use it - and they aren't exactly concerned about security).

The odds of a cable modem network getting out of MAPS is as likely as my winning a million bucks tomorrow - nil.

AT&T - Comcast

[murderlegendre (776042)]

Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased.

Seems as as we are *still on* an ATTBI network. I was originally an ATTBI subscriber, and the Comcast transition occured many months ago. Interestingly enough, my rDNS still resolves to:

[ip].[state].client2.attbi.com

Seems awfully odd that this remais.. one would think, at least for the sake of the brandname, that this would be reporting comcast.net

Less Spam

[radiumhahn (631215)]

... To make up for the difference spammers are making their emails more offensive.

Why just the port?

[jarich (733129)]

I understand that these machines have been hijacked and the owners aren't at fault (unless you count negligence)... but all that being said...

1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.

2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".

Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!

Re:Why just the port?

[cdavies (769941)]

The problem is, none of that is in the best commerical interests of comcast, so they won't do it.

Actually contacting people costs money because a human has to pick up the phone. Terminating their service costs money for obvious reasons, and charging them for a dubious "service" is likely to get your customer angry at you and waste time and money in calls to your help line.

In the short term, automated blocking and letting the user ride along is blissful ignorance is the only viable strategy. Isn't capitalism great?

Re:Why just the port?

[Pharmboy (216950)]

I believe a home visit by a cattle-prod wielding Company Representative would also do the trick, and I'm sure myself and other recipients of offers such as "Increase Your Penis Size While Improving Your Search Engine Placings On Google" would willingly fund this if neccessary.

I don't know about you, but I have been responding to all the "Increase your Penis" ads, and now my wang is so big, I had to buy new pants. Thanks to all those guys in Africa, I have more money in my bank account than I could hope for. I used it to buy stocks based on tips that these guys have been sending me, and have doubled my money in a week every time. Of course, it doesn't really matter, because I am buying software for 80% off retail, get people sending me really cool screen savers for free, and refinanced my home at unheard of interest rates.

Now I'm getting tons of email from girls that want me to meet them and their coed girlfriends, so the new, bigger penis will come in handy. I even ordered some discount Viagra so I can keep it going all night. I think what really impressed them was my new university diploma, that I received for my lifelong accomplishments.

Gotta run, looks like someone just sent me a greeting card. Hope its one of the hot college chics. I still don't see what all the fuss is about...

I might as well sign up with AOL...

[xiang shui (762964)]

I take offense to this kind of thing. I live in northern Alberta, and my ISP, Telus, recently began blocking a wide range of ports, most of which I had previously noticed heavy worm activity on. So I must presume that is their rationale behind filtering these ports. But this worm activity didn't bother me, since I have my machine properly secured. It's none of my concern if some people don't. Now I feel as if I don't have a REAL TCP/IP connection to the internet. I have 65355 ports on my TCP/IP stack that I should be able to use, as I please. But I no longer can, because of this. I run an HTTP server as a testing ground for some of my web projects, and an FTP server so my friends can transfer files to and from my machine. And I'd like other people on the internet to be able to access these ports, since that's what the internet DOES. That's what it's for. If I wanted a private company to dictate how I could use my computer and my internet connection, I would be a regular Microsoft customer. Admittedly, this situation is a little different than the one in the article - since comcast only blocked port 25 of computers known to be transmitting spam. But the situation with Telus is a blanket filtering of these ports for all DSL users, which I completely disagree with, and it actually angers me. Now I have to find a new service provider, and believe me, this isn't easy in the small community where I live.

Blocking connects from broadband subscribers

[perp (114928)]

After I first read about this Comcast thing, I looked into how to block connections directly from spambots on home machines to the corporate mail server I admin (~500 users). I set Postfix up to check_client_restrictions and look up the connecting machine's name in a file that lists all the broadband domain names I could find. The results were so good that I have now added every little ISP whose machines send me spam and started using regexes to catch the ones where if I blocked the domain I'd also block their mail server.

The results are truly staggering. I have cut the incomimg spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages ... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client _restrictions is turned off for the abuse account.

I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.

If anything I'm seeing more spam

[csk_1975 (721546)]

I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.

Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.

Disable their Internet connection

[mikeg22 (601691)]

I don't see the problem here. These machines have been *hijacked* so there should be no issue cutting them off from the internet if not for the internet's sake, than for the sake of the owner of the computer! I mean, if the machine has been comprimised, there could be a keylogger running just as easily as a spambot program. Pull the damned thing off the internet and tell the user to fix their machine. If they don't know how to do this, charge them $20 for a technician to come out there and run adaware, S&D, etc...or offer to send them these programs on a CD through the mail or for pickup at the ISP office.

There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?

Let's look at some numbers

[bigberk (547360)]

Comparing to these measurements [slashdot.org] I made when Comcast first announced its strategy...

Looking at Comcast's IPs appearing on realtime blocklists, today:
CBL: 17132 (Comcast is 1.3% of CBL)
WPBL: 4779 (Comcast is 9.6% of WPBL)

Compared to the number of Comcast IPs that were spam sources two tweeks ago (19897 and 5199) it does appear that there are fewer Comcast spam sources. However the overall proportion of Comcast IPs in the entire lists haven't changed much from (2% and 10%)

meanwhile, Comcast's SMTP server is slow as hell

[adpowers (153922)]

Yay! Now we are all forced to forward our mail through Comcast's SMTP server.

Actually, I have been sending all my mail through Comcast's SMTP server for a while now, because AOL blocks mail directly from my (semi-)dynamic IP address. So, if I want to send mail to AOL users (well, the rest of the family using the SMTP server), I have to send it through Comcast's slow-as-hell mail server.

When I send mail to Gmail, for example, directly from my server, it takes just a few seconds to appear in my inbox, but when I forward it through Comcast, it often takes an hour or more.

Now, this is not completely Comcast's fault, AOL is to blame as well. It really pisses me off that I lose the speed and privacy that comes with having my own SMTP server just because the big providers can't figure out any ways to deal with spam. Fun.

Andrew

less spam isnt acceptible, the only answer is NONE

[Indy1 (99447)]

Comcast (hereby referred to as Spamcast) has ignored their massive spam problem for years now. Fortunately for me the solution was to firewall all of their dynamic space from my mail server.

Apparently Spews [spews.org] thought nuking the dynamic users wasnt enough, and blacklisted all of their dynamic space plus most of their corporate servers as well.

One of these days Spamcast will wake up and realize that a huge chunk of the internet has blackholed them. I only wonder how many months or years it will take for the clue to sink in.

Now that almost everyone has ~24 hour connectivity

[Peaker (72084)]

Why do we need the mediating storage anymore?

Why not move to use "instant messaging" methods of direct connectivity between the sender and recipient, and only falling back to server storage when necessary?

This allows for much better knowledge of successful/failed delivery.

It may move more control of message reception to the recipients, allowing them to implement extra protections. For example, requiring arbitrary/configurable amounts of computation on the behalf of the sender to send them a message (increasing the cost of a message send) (unless ofcourse the sender is on a white list of known correspondents).

Is any such transition feasible in the near future?

ALL ISP's should be filtering port 25

[humankind (704050)]

The bottom line is that ALL responsible ISP's should be filtering port 25 traffic. This also stops the propagation of the majority of worms. It's a lot easier for those who want to run SMTP servers to request permission to have port 25 allowed, and otherwise block everyone else.

You can bet that Comcast has only done this in response to lots of responsible ISPs starting to wholesale-block all port 25 traffic from their IP space. RBLs continue to be not only the most effective method of stopping spam, but also the only effective method of forcing ISPs to control the rogue behavior of their users.

Re:ALL ISP's should be filtering port 25

[TheAwfulTruth (325623)]

Bullpucky.

The blocking of outbound port 25 (Which Cox has been doing for years) is the begining of the end of the internet.

When ISPs start deciding what their customers can and can't do on the internet, it's the end of everything. Every ISP will just become an small island of service. What next? Block 21? Hey how about blocking everything but 80? But wait, zombie mail relays can be setup on any port, so set them up on 80, now Comcast can't block outbound 80 can they?!?!? So it solves nothing in the long run.

I need port 25 open so that I can send email through my workplace server. In order to do that I now have to send mail to a third party server at port 2525 and SPOOF the return address. But what happens when spoofing is no longer allowed?

Whiolesale blocking of port 25 is a lazy, destructive answer to the problem. It may stop the flow of zombie machine spam in the short term, but it also seriously harms legitimate users of their network.

At least Comcast has the sense to block it for identified zombie machines and not for every IP they own like COX.

Re:Does Bittorent need that port?

[sploo22 (748838)]

No, port 25 is used solely for sending email. It has absolutely nothing to do with BitTorrent. Not only that, but Comcast is only blocking it for spammers and open relays.

Re:Yea right...

[batkiwi (137781)]

Not only can you not read the article, you can't even read the story text.

Here, I'll help you:

"spam from their network has dropped 35 percent"

The important thing is HOW MANY OF THOSE 500 ARE FROM COMCAST'S NETWORK?. Also, compare that to your 2 months ago rates of spam coming from comcast's network.

Come on, how hard is it REALLY to read THE TEXT ON SLASHDOT?

Re:What a crock0sheet

[Nintendork (411169)]

Use DNS Blocklists. There's a few of them out there that allow you to reject SMTP servers on Dynamic IPs. I use dul.dnsbl.sorbs.net and dynablock.njabl.org since sometimes an IP will be on one, but not the other. Even better, use these ones as well.
relays.ordb.org
bl.spamcop.net
list.dsbl.org
xbl.spamhaus.org

I've got all six of them running on my company's mail server. It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive. That way, I can whitelist the sender and sometimes help them if they have an open relay and didn't know it. I've had one false positive in the last year. That's for 50 users in my company, some of which post their email address everywhere and use it in Banzai Buddy forms. ~90% of spam destined for valid mailboxes is blocked. Not bad considering it's free, easy to set up, and maintenance free.

-Lucas

Relaying is not a workaround...

[Otto (17870)]

The point of having multiple spam bots sending your crap out is to increase the amount of crap you can send. If they are going around setting up SMTP relay bots, then whole exercise is rather pointless, as the bandwidth is still all being shuffled through that relay.

Look at it like this:
With two computers, I've got twice the bandwidth as one computer, and so can send twice the spam.
But with one computer relaying through the other, the bandwidth of that computer is now irrelevant, everything has to go through the relay. Instead of having a relay, it's more efficent to just send the spam from the relay.

Relaying doesn't fix the problem for spammers. And your idea about originating ports is useless, because they're blocking based on destination port, not originating port. Nobody gives a shit about originating port, for almost any protocol. If you want to send spam to ISP's, then you have to connect to SMTP servers to send your spam to, and you have to connect on the port they use, which is port 25 by convention. You cannot work around that fact.