Forgot your password?
typodupeerror
Spam The Internet Your Rights Online

Comcast Gets Tough on Spam 405

Posted by michael
from the about-time dept.
WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDnet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.
This discussion has been archived. No new comments can be posted.

Comcast Gets Tough on Spam

Comments Filter:
  • Question... (Score:2, Interesting)

    by Anonymous Coward
    How do you tell whether your machine is zombie spammer? Is running spybot enough?
    • Re:Question... (Score:5, Informative)

      by TWX (665546) on Saturday June 12, 2004 @06:53PM (#9409094)
      "How do you tell whether your machine is zombie spammer? Is running spybot enough?"

      Just monitor traffic coming into and out of your computer. There are utilities that will let you do that. If you see stuff coming and going that you aren't generating then something is definitely wrong.
      • Re:Question... (Score:3, Informative)

        In case that anser was not sufficient, alt control delete brings up the task manager in windows, from which you can monitor your internet activity... further you can look at your modem's activity lights.
        • Re:Question... (Score:3, Informative)

          by aldoman (670791)
          Totally insufficent.

          1. If you are using an ethernet connection (either to a router or straight to a modem) then you will have a 100mbit link. 30kbyte/sec uplink (because thats what we are looking at) will be less than 1% of utilization which is hard to see at least.

          2. Modem lights only work if you are straight wired but even if you are it's hard to spot it against a background of random network activity that windows gives you.
  • what about mistakes? (Score:5, Interesting)

    by mp3LM (785954) on Saturday June 12, 2004 @06:46PM (#9409055) Homepage
    And what if they make a mistake and block someone who just happens to send a lot of mail?

    Is there a place to appeal?...as good as this could be, I think it's going to inconvenience a lot of people.
    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Saturday June 12, 2004 @06:55PM (#9409111) Homepage Journal
      I don't know how they are about this email blocking thing but when they send you an abuse letter for bandwidth overusage :) you can just call support and they'll talk to you. If you want to find out how much bandwidth it's ok for you to use you basically have to call all over the country (hooray for cellular with no long distance fees) to find some guy in Florida (or such was my path, anyhow) who will tell you not to download more than 90GB/mo.

      Anyway I installed MRTG and did the math [google.com] after I got the abuse letter and now I just watch to make sure I haven't downloaded more than about 250kbps averaged over the month (I'm at 181kbps right now) and bingo, problem is solved and I haven't got another abuse letter. Personally I find that to be a pretty pathetic amount of transfer per month but they have a monopoly on broadband here unless you are willing to count satellite as an option, which given the latency, I am not.

      Regardless, I'm sure calling technical support will actually be useful in the case where you're not sending spam. However, I have a feeling that they're actually scanning your outgoing messages for particular content. This is not particularly hard to do, and since it's done by an automated system it's not a breach of privacy unless they're holding logging information which contain parts of your emails longer than necessary.

    • Well, if you are running a relatively legitimate mail server, odds are that it's going to be an MX in someone's DNS entries for a domain. If there is no forward resolve for 'mail.whatever' or 'smtp.whatever' or 'mx.whatever' then odds are good that something is wrong. If Comcast is allowing people to use their own mailservers, they just need to deny all by default and open your port 25 up if you call and ask, if they don't do more thorough checking like above.
    • by JWSmythe (446288) <jwsmytheNO@SPAMjwsmythe.com> on Saturday June 12, 2004 @07:01PM (#9409146) Homepage Journal

      That's a good one to ask AOL..

      They've been blocking virtually anyone sending lots of mail towards them. You have to sign up for their feedback loop, then for their whitelist. In our case, we send a lot of mail to users, because they write to us asking questions. There's plenty of mail going back and forth, but none of it is spam. Most are written by humans, some are automated (You just completed this function, your tracking number is....). They've been doing hit and miss blocking just because they can. It's really annoying. They blocked my workstation because I sent out 4 messages to AOL users in the same day. {sigh}. For my workstation, it's not a big thing, I just changed the IP. But, it's more of a pain for servers.

      It doesn't make a lot of sense. I've known spammers. They'll get multiple lines from multiple providers, and keep switching IP's and networks to keep from being blocked. It's all a big act just to make it look like they're being all progressive, even though they're really just annoying legitimate people. Kinda like the TSA.

      One of our clients, with his own server and a completely opt in mailing list (like, you specifically have to ask to be on the list) was blocked. He spent hours on the phone with AOL, and got me in on a conference call with them. The support people I spoke with were completely dense. We gave up on any political approach, and just moved his mail server off to another network. He only has about 2000 people who receive his newsletter, and the people not getting it on AOL were actually complaining that they weren't getting them.

      Hopefully Comcast will be more professional about it. I know Roadrunner (now Bright House Networks) were absolute dicks about it. They once disconnected my service because I had a DNS server running. I tried to explain to them that their DNS servers sucked (about 5 to 10 seconds to resolve any name). Instead of fixing their problem, they were busy blocking users. {sigh}

      • by drinkypoo (153816) <martin.espinoza@gmail.com> on Saturday June 12, 2004 @07:30PM (#9409296) Homepage Journal
        How did they come to notice that you were running a DNS server anyway? Did they port scan you or something? And why didn't you just firewall it? It's not like requests from a caching nameserver look substantially different from requests from the local resolver.
      • Here's how it works:

        AOL user has a button in their email "this is spam" or "I don't want this" or somesuch.

        When they hit the button, the message and headers are sent to some server.

        The server automatically blocks the IP of the SMTP server that sent the message so it can no longer send email to AOL.

        This works in theory, execpt many users treat this button as a way to muffle their annoying friends. So a "forwarded joke" can get flagged as spam even if it is from their cousin on a small local ISP. There
    • Enough with this blocking of spam!

      As we come up with newer ways to block spammers, they will undoubtedly come up with more brilliant spelling errors and other methods to bypass blocks.

      The time has come for real legislation to make this a crime, punishable by the law. Maybe some of it will stop from legal imprecations... My idea would be some sort of bounty hunting system... A system in which the government would set rewards for geeks who locate and inform the government of spamming distributors.

      And

  • by Laivincolmo (778355) on Saturday June 12, 2004 @06:46PM (#9409058)
    I still don't understand how spam exists economically. I guess people are dumber than I thought:
    "Wow! I think I'll find out more about this Viiagraa! Thanks hf387hfjsd73@hotmail.com!"
    • by Anonymous Coward on Saturday June 12, 2004 @07:11PM (#9409210)
      penis enlargement [wikipedia.org] is dangerous and ineffective.

      tell your small dicked friends!
    • by vena (318873) on Saturday June 12, 2004 @07:26PM (#9409279)
      that's just it, economics. for a spammer to send out 1mil emails, the cost is trivial (for the spammer). if they get a response of just 1%, that's 10,000 customers, .1% gives 1,000 customers. that's not a bad haul for a fly-by-night pharmacy with likely very little overhead. they likely have no warehouse, no real store or property outside of the home of the person running it and postage is paid by the consumer.
    • by NanoGator (522640) on Saturday June 12, 2004 @07:26PM (#9409281) Homepage Journal
      "I still don't understand how spam exists economically. I guess people are dumber than I thought:"

      Hehe.

      I know you're being funny here, but I think there is a general misconception that the people recieving spam actually have to buy stuff. The spammers are paid to get the messages out to x number of people. Their success is not dependent on the actual return rate on the advertising money. It will, however, affect reoccurring business.

      To put it another way, I doubt that lack of customers will make the spam go away. I mean, geez, there are still N-Gage commercials on TV.
      • Basically some of the people probably do buy this stuff, they only need a miniscule number of customers to pay for this.

        That number of people is probably much less than 1% of the recipients, but they are probably people that don't want to discuss their inadequacies face to face with other people. It is also these people that won't report a fraud to the police because they are too embarased to say what they tried to buy and too embarased to say they've been swindled.
        • Here's why (Score:3, Interesting)

          by Tony-A (29931)
          Note the DO NOT REPLY TO THIS EMAIL ADDRESS.
          The fax address could also be faked.
          At 20 million addresses, that makes my eyeballs worth .005 cents.

          I am insulted!

          (some stuff deleted to avoid lameness filter)
          EMAIL BLAST CAMPAIGNS
          ARE YOU TOO BUSY TO SEND OUT YOUR EMAILS YOURSELF?
          WHY NOT LET US DO IT FOR YOU?
          HOW MANY WOULD YOU LIKE US TO BROADCAST FOR YOU?

          PLEASE CHOOSE FORM THE FOLLOWING:
          [ ] 5 Million ADDRESSES $400.00
          [ ] 10 Million ADDRESSES $600.00
          [ ] 20 Million ADDRESSES $1,000.00
          [ ] 30 Million ADDRESSES
      • I mean, geez, there are still N-Gage commercials on TV.

        You think that's bad, the Sci-Fi channel is now advertising "Enzyte - Natural Male Enhancement" tablets. So not only do I have to suffer through penis enlargement messages on my computer, but I have to see it during commercial breaks while watching my favorite Sliders episodes. Somebody should tell the (female) exec who runs that channel that penis enlargement pills don't work.
  • by Space cowboy (13680) * on Saturday June 12, 2004 @06:47PM (#9409063) Journal
    ... there's a back-channel for people whose email is legitimately disproportionately high to have it reinstated. I'd be a mite annoyed (read: bloody furious) if I wasn't doing anything wrong, but my internet access was suddenly curtailed... I send email from home (though never in any quantity likely to raise suspicion) and I don't see why I should use NTL (whose news and mail servers are crap) over my linux gateway.

    What I find more chilling is the number of people in the article who are recommending general blocking of the smtp port. Just because it makes life easier for large corporations is no excuse for using a blunt instrument where an elegant solution could be found - in this case, I think the dynamic monitoring and blocking is far more preferable. If NTL decide to block port 25, I guess I'll just have to tunnel outgoing port-25 traffic over a different (say: 2525 :-) port to my co-lo machine and send from there...

    Aside: The phrase 'Microsoft is working with ....' always seems to send shivers down my spine these days because of the context I find it in. Sigh.

    Simon
    • The secondary SMTP port is 587.

    • by techno-vampire (666512) on Saturday June 12, 2004 @07:00PM (#9409135) Homepage
      I used to work for an ISP. We blocked all outgoing Port 25 to keep our customers from relaying. We also blocked inbound at first, to keep out spammers. This ran into trouble quickly. Not only are there services that don't offer SMTP, there are some that insist you use an address at their domain on all outgoing. We had customers that either couldn't send at all, or not with our address because their broadband carrier wasn't accepting their messages. The way we fixed this, we put up an authenticating server. This way, if you ouldn't connect directly through us you still had one of our servers you could use. Worked just fine, and made a lot of people very happy. I doubt we had as many as 0.01% of our customers complain about this, mostly because they needed to send work mail from home and their company insisted that all mail with the company address went through their own servers.
    • My current ISP block all inbound port 25 to stop open relays. All it takes is an email and they'll unblock you, and put you on a list of servers that gets checked for open relays every couple of days (if you fail that check you have to have a damned good reason why they'll unblock you again).

      It works really well, and I've never heard any complaints about it. It's a lot easier for them than doing things like traffic monitoring etc. as well.
  • Fine by me (Score:5, Interesting)

    by drinkypoo (153816) <martin.espinoza@gmail.com> on Saturday June 12, 2004 @06:47PM (#9409066) Homepage Journal
    In fact it's A-Ok in my book if they block port 25 outgoing for all users. If you want to send mail to outside mailservers directly you are free to use a VPN connection or other types of tunnels.

    Now, if comcast would sell me a static IP address, I might care, but since they don't it's clearly not meant for servers. As long as I can come up with a way to get my mail out (presumably you could set up sendmail or another MTA to use smtp.comcast.net as a relay even though you need to authenticate to use it, but I've never looked into it) it doesn't seem like an issue to me.

    • Re:Fine by me (Score:3, Informative)

      by bersl2 (689221)
      Now, if comcast would sell me a static IP address, I might care, but since they don't it's clearly not meant for servers.

      Pssst: it's called "dynamic DNS."
      • psst, I have a dynamic hostname, but that's not reliable enough to me. I know that a proper mta is supposed to resend later on a bounce and keep trying for a while, but they don't all do that.
  • by Anonymous Coward on Saturday June 12, 2004 @06:48PM (#9409067)
    If they detect port 25 traffic over a certain threshold, do a quick dns blocklist check. If they're blacklisted, stop traffic on port 25 for that customer and contact them to let them know their machine may be infected.
    • Ummm, what blacklist are you referring to? All Comcast dynamic addresses are blacklisted in the MAPS DUL (theoretically, there's a few that aren't, as I just found out when moving from one area to another and having to start routing all my mail that was getting blocked by competent admins through Comcast's mail servers).
  • Reverse That (Score:5, Interesting)

    by Elecore (784561) on Saturday June 12, 2004 @06:50PM (#9409082) Homepage
    I bet it would be a lot more effective to automatically open accounts with that port 25 blocked. If you want to use it, you give them a call and ask for it to be opened. I bet at least 95% of the spam being created is being created without the user knowing so closing port 25 won't affect them.
    • Give current port 25 users 2 or 3 weeks to apply before blocking it so you dont annoy them and your sorted, really.
    • Re:Reverse That (Score:3, Insightful)

      by LostCluster (625375) *
      But the Comcast execs would then realize that the unblocking process costs money in terms of staff time and phone expenses for the support call... and just axe that "feature".
      • Re:Reverse That (Score:3, Interesting)

        by firewood (41230)
        But the Comcast execs would then realize that the unblocking process costs money in terms of staff time and phone expenses for the support call... and just axe that "feature".

        Or better yet, make them pay for the opening the port. Then it would be both a revenue generator and an indirect way of making heavy users of upload bandwidth pay for their share.

    • Re:Reverse That (Score:3, Insightful)

      by gad_zuki! (70830)
      No way. How many people are using another SMTP other than comcasts? Half? 1/3rd? That would be tens (hundreds?) of thousands of support calls.

      This is the best move an ISP can make. As a rule they shouldnt block anything, but if a machine is suspected of being a spam shooter, they should step in and take care of it for the sake of their network and the internet community.

      Also, the second smartest move is to ask people if they ever bought anything from a spammer and if they say yes just punch them in the f
      • Half to a third? Try less than one tenth of ten percent. The vast majority of comcast users are not geeks, they're just people who wanted faster internet access. You don't even need a NIC in your PC because they'll come install one for you as part of the installation process. Or, you can get comcast home networking, and use wifi, which you can reasonably do through USB if it's 802.11b, since 12Mbps > 11Mbps and USB is more likely to approach peak than WiFi.

        The days when only geeks had high speed intern

    • Re:Reverse That (Score:3, Interesting)

      by msobkow (48369)

      For the most part I'd agree, except that many large ISP's are notorious for making it virtually impossible to get a service back after they've blocked it.

      My ISP here has been pretty good about working with me on any technical issues that have come up, which has been rather refreshing compared to the useless "support" from Rogers or AT&T. There is a great deal to be said for smaller vendors who still understand service, even if it costs a bit more.

  • Thanks Comcast (Score:3, Interesting)

    by Anonymous Coward on Saturday June 12, 2004 @06:50PM (#9409083)
    I don't know about the rest of you here, but since I use them as an ISP and run my own mail server, (exim on debian woody, and yes it's secure) I'm very, very glad that Comcast isn't blocking 25 for everyone.

    Not only did they take effors to reduce spam, but for once, they actually listened to their own customers. Thanks Comcast.
  • by anakin357 (69114) on Saturday June 12, 2004 @06:52PM (#9409089) Homepage
    Just put these dickhead spammers in jail for 5-10 years for causing so much disruption and cost to the world. I was reading a few days ago (and feel free to correct me/link to the URL) that spam causes ~$1,900 in lost productivity per employee, per year, in the US. THAT is absurd!

    On a side note, people with virus infected machines will now notice they can't send email to their external SMTP servers, and call Comcast, which they will reply that you have a mass mailing internet worm, and you've been spamming thousands of messages a day. Due to your incompetence, we have turned off your external access, forever.
    • Those $/Per Year numbers are made up. If you add up ALL of them the number comes out to be about 400,000 USD per worker per year.

      They just make up those numbers to sell a product and/or service.
    • Just put these dickhead spammers in jail for 5-10 years for causing so much disruption and cost to the world.

      Sure. Just hand over the exact physical address where all these dickhead spammers are, along with admissable evidence of their illegal and disruptive activities, to the appropriate local authorities for arrest. While you're waiting for the warrants to issue you might consider finding ways to make bulk unsolicited emailing unprofitable. My guess is you'll have enough time to create and impleme
    • Just put these dickhead spammers in jail for 5-10 years for causing so much disruption and cost to the world.


      You know that'll never happen.

      All things considered, spam isn't the only problem out there. The ratio of junk to legitimate mail is about the same in my postal mailbox. I may get one letter or bill in, and the rest is junk.. Why aren't people screaming "We need to make laws.." "they need to be in jail.." etc, etc.. That won't happen because the post office turns a profit on it.

      Most US bandwidth providers do a pretty decent job of trying to stop spam. Most have pretty strict standards, and will shut off a line for spam. I've been in on several of those actions, although not against me or my networks. It would be nice if all providers did that, but again, it probably won't happen. Many overseas companies make good money selling overpriced bandwidth to spammers. Think of it in business terms. If you're a [insert country here] provider, you can charge double or more for hosting and bandwidth to a spammer. You don't really have to answer to anyone but yourself, why not take the sale? Big spammers can use up some pretty substantial bandwidth, so it's worth it for them to sell to this customer. If I have the choice of barely paying my bills, or buying a new house and cars this year, I think the choice is obvious.

      One of the magic questions is, who do you go after? Just a couple days ago, a site hosted on a network belonging to a friend of mine was the "source" of spam. I know they didn't do it, it had absolutely no relationship to them or what they did. So I got on the machines, and found the source. They had a feedback program that was fairly well written, but someone exploited a bug in it, to send out to a few thousand people before I stopped it. Should they throw this perfectly legitimate businessman in jail because someone managed to exploit something. I had to look at it a few times to figure out how they exploited it, the script was fairly well written.

      Since plenty of the spam relates back to overseas sources, you'll never see them spending time in a US jail. Simply enough, you'd never see every government in the world agreeing on enforcement of any law, even an anti-spam law. In a lot of countries, it's rather difficult to even report the spam. What happens when you're trying to report it, and the support people don't speak English. And don't be so egotistical to say "they should all speak English", the universe or even the Internet doesn't revolve around America.

    • Jail's not good enough. We need to return to the Anglo-Saxon practise of outlawing. Outlawing refers to placing the criminal outside of the law: he is no longer protected thereby, and is at the mercy of anyone who should happen upon him. He can be robbed; he can be beaten; he can be killed--and none of those things are crimes, because he is outside the jurisdiction of the law. We need merely outlaw spammers, then publicise their names, addresses and visages--then let the psychos take care of the problem
  • by nicolaiplum (169077) on Saturday June 12, 2004 @06:53PM (#9409096)
    This seems like the right way to do it, as long as they've got a reasonable way for you to ask for it to be unblocked.
    Nice to see a large soulless corporation not just shaft its customers wholesale.
    • "Nice to see a large soulless corporation not just shaft its customers wholesale."

      This story is interesting timing for me. Today (as in like an hour ago) I had cable modem service from Comcast installed. "Large soul-less corporation" was the last thing on my mind. Not only were they pleasant on the phone when I called yesterday, but they also provided next day service *and* called when they got there so I could drive on over. (I'm staying at a friend's house until the stuff gets moved over.) Previous
  • by bigberk (547360) <bigberk@users.pc9.org> on Saturday June 12, 2004 @06:55PM (#9409105)
    Sounds like a great plan to me! I don't like the idea of outright port blocking (customers are paying for IP access, right) but it's very easy to locate the suspicious hosts, which means that once the automated systems are in place they can easily add port restrictions.

    We can watch to see how effective this is by seeing how many of comcast's IPs show up in real time spam blocklists. Take CBL [abuseat.org] and WPBL [pc9.org] for instance, two of my favourite lists...

    % grepcidr -c -e 68.80.0.0/13 1501

    % grepcidr -c -e 68.80.0.0/13 351

    Now we see if those numbers go down over time :) Easy.
    • by bigberk (547360) <bigberk@users.pc9.org> on Saturday June 12, 2004 @07:10PM (#9409205)
      Sorry, let me update those current number of comcast's IPs found in CBL and WPBL blocklists. There's a lot more than I thought. Comcast's netblocks are: 24.0.0.0/12, 67.160.0.0/12, 67.176.0.0/14, 67.180.0.0/15, 67.182.0.0/17, 67.182.128.0/18, 68.32.0.0/11, 68.80.0.0/13

      CBL: 19897 (2% of entire list)
      WPBL: 5199 (10% of entire list!)

      Wow, that does look like comcast is responsible for a ton of the world's spam!
      • This might be a "radical" solution, but why not just use private IPs for users and have comcast use NATs for all of its users. one /16 should be enough that for. It would stop virtually *all* spam from comcast. The "no server" rule would be automatically enforced.

        Now, if people run servers, then let them sign up for a Static IP option. They pay $2 or $5/mo for an extra static IP, direct access to the internet. Then if there is spam from their IPs, their static IP gets disconnected and they would have to p

  • by Caseylite (692375) on Saturday June 12, 2004 @06:55PM (#9409108) Homepage
    I would have no problem with my ISP blocking port 25 unless I specifically request it to be open. And I would sleep much better at night knowing that my mother isn't unknowingly spamming me and my closest 25 million friends. The stipulation is that it not cost me extra to be able to use port 25. And that the ISP's support staff not be morons.
  • by azzy (86427) on Saturday June 12, 2004 @06:55PM (#9409110) Journal
    I never knew Comcast was the largest ISP in the UK.

    Oh.. your nation.. not my nation?

    Sorry, I forgot there was no other part of the world.
    • Well, when quoting a US publication...

      The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. ... one might reasonably assume the nation they are talking about is the US. :-p

    • Sorry, I forgot there was no other part of the world.

      No, you just forgot where Slashdot was located.

      If I'm reading a British website and they say "the nation," it doesn't take a rocket scientist to infer GB.
  • by Serious Simon (701084) on Saturday June 12, 2004 @06:56PM (#9409116)
    I check out the Received: headers for the IP address that the spam is coming from, then use whois to find out who it belongs to. I then forward the spam, including full headers, and the following text:

    Hi, I received this spam from out of your network. I trust sending spam is in violation of your terms and conditions.
    Please take appropriate measures.
    I read recently that about 80% of spam is sent via hacked computers on broadband: http://www.sandvine.com/news/pr_detail.asp?ID=50
    You might consider closing port 25 per default and only open it for customers who explicitly want to run their own mail servers.

    Thanks,

    ...my name here...

  • by firewort (180062) on Saturday June 12, 2004 @06:57PM (#9409121)
    Bellsouth is now blocking all port 25 traffic, whether or not they sell the customer a static IP.

    I had a mail server running on static IP for over a year and they've just blocked it as of last night- Their third tier support claimed that it was because they were being threatened with being blocked by other ISPs.
  • Comcast is clueless (Score:2, Interesting)

    by mrsam (12205)
    "By blocking port 25, they say they cut Spam by 20% last week."

    They're talking out of their asses. I have manually blacklisted their entire cablemodem space quite some time ago. Running a grep on the mail log files shows that this week I've already rejected approximately 20% more spam from Comcast than last week.

    And the week ain't over yet. The log files rotate on Sundays.

    I have concluded that Comcast is a lost cause. Damaged goods. The best thing to do is to blacklist their whole stinking sewer pit
  • By blocking port 25, they say they cut Spam by 20% last week.
    And I say they're full of dog turds.

    Any spammer with half a clue will just move to a different port system. I bet the IT managers can work the numbers so that if one of the flatulates loudly they can reduce spam by 20%.
    • Re:It's crap (Score:3, Insightful)

      by gad_zuki! (70830)
      They cant change if they are sending. If they are recieving they can do whatever they like.

      When sending to SMTP you only have 25, 587, and sometimes 2525. (and some others)

      So if I want to spam your company. I would have to connect to your company's smtp service. Most likely its running on port 25. Thus if 25 is filtered for me, I'm screwed.

      Mostly, everything but 25 requires authentication and even if this cuts a few percentage points of spam thats (in real life) millions of stopped spam.

      Fighting spam
  • I'm a comcast user.. (Score:3, Interesting)

    by sinner0423 (687266) <sinner0423NO@SPAMgmail.com> on Saturday June 12, 2004 @07:01PM (#9409137)
    Before, I'd receive about a dozen spams a day, at least. I had started getting them right after i signed up for a PAYPAL account. In the past 2 days, i've received not one spam. Absolutely unreal.
  • by LostCluster (625375) * on Saturday June 12, 2004 @07:01PM (#9409138)
    For those who do operate home mail servers, why can't such people just configure their outgoing SMTP server to pass all outgoing mail through the ISP's SMTP server to get around such blocks, and therefore have a more "trustwrothy" and less likely to be blocked IP address in the headers?
    • by Telent (567982) <telent@mordac . i nfo> on Saturday June 12, 2004 @07:11PM (#9409206)
      Um... because most of us who run "home" mail servers do it because our ISP's mail servers are slow, unreliable, and down half of the time? Because the rewriting rules often keep us from using our personal domains? Because if we wanted to use our ISP's mail servers, we wouldn't be running our own?

      Now, in my case, none of this applies, because I have a clueful ISP (Hi, Speakeasy!) [speakeasy.net], but back in the Dark Ages of DSL through $TELCO, believe me, I had to. Or I didn't get mail. And believe me, I live for my mail.

    • Many reasons. Firstly, my ISP's mailservers (Cox, who, by the way, already filters 25 both ways except to their servers) are slow as hell. Secondly, I like to be sure my mail doesn't go to more servers than intended.
      • Even if the mailservers are slow as hell, this should not affect anyone who is not trying to use them for business purposes, for which you should have a business account in order to comply with the AUP. Most AUPs also prohibit running a mailing list on a home account, which pretty much rules out the other purpose of sending a lot of mail from home.

        I feel that avoiding your ISP's mailservers because you want to eliminate hops (why? does it matter?) is somewhat contrary, and unnecessarily so. Unless their s

    • SMTP servers run by ISPs are not always reliable. My ISP had a bad habit of mysteriously holding mail in the queue for hours at a time. Some ISPs have odd restrictions such as a maximum number of recipients.

      I used to believe that restricting outgoing port 25 might limit the ammount of spam. Now I am not sure. I suspect that it is reasonably easy for spamware to find a user's SMTP server credentials and use the ISP's SMTP server. There is probably an easy to use API to send mail through Outlook (and the ISP
  • by Eric(b0mb)Dennis (629047) * on Saturday June 12, 2004 @07:02PM (#9409153)
    "So the company is monitoring traffic and picking out machines that look suspicious."

    Okay, isn't that what GMail is doing but to ADD a small advert, and everyone goes bonkers..

    Comcast does it to 'stop spam' and they're a hero...?
  • by rbabb (134729) <rbabb@rba[ ]net ['bb.' in gap]> on Saturday June 12, 2004 @07:05PM (#9409168) Homepage
    ... This is starting to worry me a little. I have been happily running my own mail server for over a year now. The reason being is that I want the ability to host all my own solutions and at the same time use the bandwidth i'm already paying for.

    With wonderful dynamic DNS services like no-ip.org I am able to do this on any dynamic IP and I have no reason to worry about needing one of those pesky static IP addresses.

    Hopefully if something were to happen where I'd start getting blocked I could just use my connections at work and contact their e-mail admins directly to resolve the issue. However this slash and burn tactic is just the wrong way to go about fighting spam. Hence one of the reasons I left Earthlink/Mindspring, who block e-mail from ALL Dynamic IP addresses and also block outbound port 25 on their networks.
    • In the long run, Comcast's move could be better for you than you realise. Providing that Comcast is able to block the outbound spam only, and work with their customers who are responsible, then email admins may not be so quick to drop Comcast's entire dynamic IP range in their blocklists.
  • Lets see... (Score:3, Interesting)

    by circusnews (618726) <steven.stevensantos@com> on Saturday June 12, 2004 @07:06PM (#9409175) Homepage
    I send out on average about 15 emails/day. None of my email traffic goes through comcast's SMTP servers.

    Assuming that this is about average, it would only take 46666.67 customers using non-comcast servers to reach this number.

    The following is only antidotal, but...

    I have set up the cable modems of at least 18 friends and family members. In general I have found that parents tend to use work email addresses most, AOL accouts second most, Hotmail/other free providers, and comcast addresses least. Kids tend to use either AOL or a free email provider more often than using a comcast address.

    Thats comes to about 8 comcast addresses that are actualy used out of the 50 or so email accounts used by these friends and family.

    I am suprised the number is not much higher.
  • Bellsouth Block (Score:2, Informative)

    by bljohnson0 (114084)
    I have Bellsouth DSL and they're blocking port 25 incoming and outgoing for their DSL subscribers. I had a lengthy discussion with tech support about it and they said "thats just how it is". If you have Bellsouth DSL and you can still use port 25 - enjoy it now. The block is coming.
  • by Secrity (742221) on Saturday June 12, 2004 @07:21PM (#9409261)
    If mail servers would start blocking all mail coming from dynamic IPs, they would block the vast majority of spam and block almost no legitimate mail. Yeah, I know that some folks running mail servers on dynamic IPs aren't going to like that, they can still send mail through their provider's mail servers. The arguments against blocking mail from dynamic IPs are pretty much the same as when people were arguing about open mail servers. This is just one mor ething that spammers have ruined.
  • by austad (22163) on Saturday June 12, 2004 @07:27PM (#9409286) Homepage
    And even though they are not blocking port 25 for me, I've found that if I send from their network, a good portion of my email bounces because a lot of companies have all of comcast's network blacklisted.

    I now relay my mail through another server and have no problems.

  • by Random BedHead Ed (602081) on Saturday June 12, 2004 @07:30PM (#9409297) Homepage Journal

    I generally don't like the idea of ISP's interfering with the network, but port 25 is the exception. I like the idea of them blocking 25 by default, but this plan of keeping an eye on their customers is the next best thing. Most people don't realize how much spam comes from broadband accounts. There is some legitimate mail, yes, but those people need to find a new way of life, because it's mostly spam. I use Sendmail at work, and realizing how things have changed on the spam front I updated my /etc/mail/access file so it now starts like this:

    # Reject cable and DSL users who are now Damned Zombie Spam Bastards - keep adding to this
    cable.mindspring.com ERROR:"550 Blocked"
    cq.shawcable.net ERROR:"550 Blocked"
    cg.shawcable.net ERROR:"550 Blocked"
    ed.shawcable.net ERROR:"550 Blocked"
    vc.shawcable.net ERROR:"550 Blocked"
    vf.shawcable.net ERROR:"550 Blocked"
    vs.shawcable.net ERROR:"550 Blocked"
    wp.shawcable.net ERROR:"550 Blocked"
    ss.shawcable.net ERROR:"550 Blocked"
    gv.shawcable.net ERROR:"550 Blocked"
    ls.shawcable.net ERROR:"550 Blocked"
    tb.shawcable.net ERROR:"550 Blocked"
    mj.shawcable.net ERROR:"550 Blocked"
    fm.shawcable.net ERROR:"550 Blocked"
    du.shawcable.net ERROR:"550 Blocked"
    ok.shawcable.net ERROR:"550 Blocked"
    rd.shawcable.net ERROR:"550 Blocked"
    va.shawcable.net ERROR:"550 Blocked"
    dsl.att.net ERROR:"550 Blocked"
    client.attbi.com ERROR:"550 Blocked"
    client2.attbi.com ERROR:"550 Blocked"
    client.comcast.net ERROR:"550 Blocked"
    client2.comcast.net ERROR:"550 Blocked"
    ks.comcast.net ERROR:"550 Blocked"
    fl.comcast.net ERROR:"550 Blocked"
    ny.comcast.net ERROR:"550 Blocked"
    ma.comcast.net ERROR:"550 Blocked"
    pa.comcast.net ERROR:"550 Blocked"
    mia.bellsouth.net ERROR:"550 Blocked"

    And it goes on, and on, and on, for well over a thousand lines. After implementing this I did some calculation and determined that I was blocking about 22% of our incoming mail. There have been some hiccups, but in general I'm really glad I did this. A few people have contacted me to complain that they can't send mail to my users, and I usually tell them to get a static IP address for their mail server or send through a designated relay. This inconvenience to cheap-o owners of SMTP servers with DHCP-assigned addresses has been a real shame, but my users have commented on how much less spam theiy've been getting recently. Blocking broadband users and using Spamcop have been a great combination. Perhaps one day if more ISPs follow Comcast we'll be able to trust those domains again.

    • I hope so, too. (Score:3, Interesting)

      by twitter (104583)
      Perhaps one day if more ISPs follow Comcast we'll be able to trust those domains again.

      I hope so. Before Cox blocked port 25, I started getting more and more bounces but Exim was still more reliable than Cox's SMTP server. Not being able to run a real mail server bothered me, but having to point my MTA at Cox's SMTP servers has been a real pain.

      This inconvenience to cheap-o owners of SMTP servers with DHCP-assigned addresses has been a real shame ...

      Do me a favor and tell Cox to get rid of their expe

  • I'm a comcast user and I thought you wouldn't let you get away with running anything that accepts inbound connections. Does this mean I can get away with openning up for inbound ssh?
  • by Inf0phreak (627499) on Saturday June 12, 2004 @07:41PM (#9409342)
    The Danish telco TDC has blocked both in- and outgoing connections on port 25 to all other servers than their own smtp.mail.dk for all PPPoE using ADSL customers. I have several issues with this:

    1) What if I want to create a mailing list for a project that I (hypothetically) am making and host the e-mail server myself?
    2) I have absolutely no idea what their virus filter du jour is. Nor do I have any influence on it. If it nukes a ZIP file that I was trying to send (or hoping to receive) then it's just bad luck I guess.
    3) The performerance of smtp.mail.dk has been known to be abysmal at times... I wouldn't call it smart to force all e-mail to go through your server if it couldn't even handle the load when only some percentage of what your customers sent went through it earlier...

    And I have to deal with this crud because some morons don't belong on the internet, aren't using a firewall and get infected with every single fscking e-mail "virus" [*] that is sent their way.

    Not to mention how frustrating it was when my e-mail suddenly one day just stopped working.

    [*]: Trojan of course. But noone ever seems to use the right terminology.

    • by secolactico (519805) * on Saturday June 12, 2004 @09:12PM (#9409818) Journal
      Having worked at an ISP, I'm going to answer from the pov of an ISP (your mileage may vary):

      Did you try to get TDC to make an exception for you? Some ISPs actually go out of their way to please their customers. They might customize their filters to let your SMTP traffic thru. Seeing how you are the exception, rather than the rule (not many people with PPP/ADSL run their own servers), this is not unreasonable. Heck, they might even give you a separate network and set up reverse DNS for you (your SMTP server should have it).

      Does your TOS have enything to say about this? If your TOS say that you can't run a server (and given the nature of the internet and specially p2p traffic this might be semantic hair splitting), then you'll have to acomodate them. Maybe change to a service that will let you.

      Of course, I know by personal experience that telco's (specially if they are the dominant one) can be pretty unreasonable, but you won't know until you try.
  • by mabu (178417) on Saturday June 12, 2004 @08:34PM (#9409643)
    And do you think Comcast finally took this step because they decided to stop their spamming users?

    Hell no!

    The only reason they got off their asses is because admins started wholesale blacklisting of their IP space and their customers started complaining.

    Blacklisting WORKS! It's the only way to force these ISPs to be responsible.

    If you're running content-based filtering, you're part of the problem. If you refuse SMTP traffic from confirmed spam sites, you are part of the solution.
  • by malakai (136531) * on Saturday June 12, 2004 @09:18PM (#9409846) Journal
    I, and many of my family member in other cable providers (whoever does Atlanta does the same thing) have had port 25 blocked. Took me awhile to figure out at first. Actually had to have a family membet telenet to blah:25 before i beleived what was happening.

    The solution was to open up another port for SMTP access on our server.

    This happened years ago, I never thought twice about it.

  • by cshuttle (613776) on Saturday June 12, 2004 @09:48PM (#9410020)
    Here's a question that I have contacted Comcast support for previously, and of course, I haven't been able to replicate the problem for them.

    Has anyone noticed that email which passes through Comcast's servers is delayed for an amazing amount of time? I had a customer that I consult for miss deadlines (and consequently sales) because of mail that was sent at 0800 and got recieved at 2200 the next day. I'm not exaggerating.

    Hearing this and playing around with it a bit, it became obvious that the mail was simply lounging around on Comcast's servers.

    Now, of course, I can talk to their tech support until I'm blue in the face and ask them what's going on, but I'd like to take this chance to appeal to the Slashdot community, who usually have a much better understanding of these matters than the droids at the Comcast call center.

    If you do a couple quick searches around dslreports and newsgroups and so on, you'll see that there are in fact many people who have the precise same issue, and have recieved no significant reply.

    Are there any Comcast insiders who know why these emails float around in limbo for 24 hour periods?

  • SPF Records? (Score:3, Interesting)

    by keyslammer (240231) on Sunday June 13, 2004 @09:05AM (#9412525) Homepage Journal
    For a company that's "getting tough on spam", they don't seem too interested in implementing one of the more common measures to reduce it...

    One of the servers that I administer is on Comcast. I just set up SPF records for that domain, and I "include comcast.net" because we send most of our stuff through their SMTP server. Now if only Comcast would set up their SPF records, we could comply to this lovely standard.

    Sorry to take this opportunity to rant about one of my pet peeves...
  • by vanyel (28049) * on Sunday June 13, 2004 @01:27PM (#9413960) Journal
    I work at a small-to-middling isp, and we get almost daily reports from spamcop et al reporting one of our dsl customers. We're going to have to start blocking outgoing port 25 unless the customer requests it be unblocked simply in self-defense. It's a tiny, minute fraction that do actually run their own mail servers, and even they could still relay through our mail server. When SPF or something like it is widely deployed, then we'll be able to open things back up because few of these machines will be authorized mail servers.

Natural laws have no pity.

Working...