Comcast Gets Tough on Spam
WeakGeek writes "The Washington Post is reporting that Comcast, the nation's largest broadband ISP, has started blocking port 25 to reduce Spam. Jeanne Russo said Comcast is not blocking port 25 for all its users because it does not want to remove the option for legitimate customers who process their own e-mail. So the company is monitoring traffic and picking out machines that look suspicious. By blocking port 25, they say they cut Spam by 20% last week." ZDnet has another article, with a nice statistic: Comcast generates 800 million email messages/day, but only about 100 million of those are sent through Comcast's SMTP servers.
Seems reasonable, as long as... (Score:5, Informative)
What I find more chilling is the number of people in the article who are recommending general blocking of the smtp port. Just because it makes life easier for large corporations is no excuse for using a blunt instrument where an elegant solution could be found - in this case, I think the dynamic monitoring and blocking is far more preferable. If NTL decide to block port 25, I guess I'll just have to tunnel outgoing port-25 traffic over a different (say: 2525
Aside: The phrase 'Microsoft is working with
Simon
Re:Question... (Score:5, Informative)
Just monitor traffic coming into and out of your computer. There are utilities that will let you do that. If you see stuff coming and going that you aren't generating then something is definitely wrong.
Re:Seems reasonable, as long as... (Score:3, Informative)
The secondary SMTP port is 587.
Re:what about mistakes? (Score:5, Informative)
Anyway I installed MRTG and did the math [google.com] after I got the abuse letter and now I just watch to make sure I haven't downloaded more than about 250kbps averaged over the month (I'm at 181kbps right now) and bingo, problem is solved and I haven't got another abuse letter. Personally I find that to be a pretty pathetic amount of transfer per month but they have a monopoly on broadband here unless you are willing to count satellite as an option, which given the latency, I am not.
Regardless, I'm sure calling technical support will actually be useful in the case where you're not sending spam. However, I have a feeling that they're actually scanning your outgoing messages for particular content. This is not particularly hard to do, and since it's done by an automated system it's not a breach of privacy unless they're holding logging information which contains parts of your emails longer than necessary.
Bellsouth, on the other hand blocks all 25 (Score:5, Informative)
I had a mail server running on static IP for over a year and they've just blocked it as of last night. Their third-tier support claimed that it was because they were being threatened with being blocked by other ISPs.
Just use SpamCop (Score:5, Informative)
Re:Fine by me (Score:3, Informative)
Pssst: it's called "dynamic DNS."
Bellsouth Block (Score:2, Informative)
Re:what about mistakes? (Score:4, Informative)
90gig/month is gonna be around 3gig/day.
Re:Question... (Score:3, Informative)
Re:Why not pass through their mail servers? (Score:5, Informative)
Now, in my case, none of this applies, because I have a clueful ISP (Hi, Speakeasy!) [speakeasy.net], but back in the Dark Ages of DSL through $TELCO, believe me, I had to. Or I didn't get mail. And believe me, I live for my mail.
Re:Why not pass through their mail servers? (Score:2, Informative)
Doesn't work that way (Score:1, Informative)
Re:Seems reasonable, as long as... (Score:1, Informative)
That's what port 587 is for, the mail submission port. I haven't found an ISP that blocks outbound 587. Port 587 is for roaming users to authenticate to the email server, and then relay email.
Since (normally) port 587 always requires authentication, no one blocks it.
Re:E-mail Advertising? (Score:5, Informative)
Re:Why not pass through their mail servers? (Score:3, Informative)
I used to believe that restricting outgoing port 25 might limit the amount of spam. Now I am not sure. I suspect that it is reasonably easy for spamware to find a user's SMTP server credentials and use the ISP's SMTP server. There is probably an easy to use API to send mail through Outlook (and the ISP's SMTP server) without the user knowing. Restricting outgoing port 25 does prevent access to open relays, but is that still a major source of spam?
Users run their own SMTP servers as ISPs may be unreliable, or have odd restrictions. In the long run restricting outgoing port 25 probably won't limit spam sent from compromised computers as malware will use the ISP's SMTP server.
Re:Wait, comcast lets you run servers? (Score:2, Informative)
... they're not the only ones (Score:4, Informative)
Re:Question... (Score:3, Informative)
1. If you are using an ethernet connection (either to a router or straight to a modem) then you will have a 100mbit link. 30kbyte/sec uplink (because that's what we are looking at) will be less than 1% of utilization which is hard to see at least.
2. Modem lights only work if you are straight wired but even if you are it's hard to spot it against a background of random network activity that Windows gives you.
Re:Well, what I'd like to know (Score:1, Informative)
They cannot mine it from your email, because doing so implicates the Electronic Communications Privacy Act (18 USC 2701-11), and this also forbids them from disclosing anything about the contents of your email to the advertisers (e.g. they won't know why their ad was relevant to you; this is trivial because a simple redirection script will prevent them from knowing where you saw their ad).
This is not the law passed by whoever it was in California, by the way, it's been in effect far longer than that.
Anyhow, back to the original topic, it makes a hell of a lot of difference just how people are monitoring what. Especially when dealing with email, it is more reasonable to figure out exactly what they're doing and judge based on that.
That's why I've spent plenty of time emailing Google (which, surprisingly, actually responds to queries to that privacy concerns email they put up) before deciding whether or not I'll join whenever they come out of beta (I will, they've answered all my concerns). And you had better believe that I would endeavor to do the same were I contemplating using Comcast's service.
Having a bad ISP may not be obvious at first, but if you only find it out when you suddenly need their help with some service issue, it's far too late. Do some research, folks, it's what the Internet was originally intended for...
AOL's blocking is utterly stupid (Score:3, Informative)
AOL user has a button in their email "this is spam" or "I don't want this" or somesuch.
When they hit the button, the message and headers are sent to some server.
The server automatically blocks the IP of the SMTP server that sent the message so it can no longer send email to AOL.
This works in theory, except many users treat this button as a way to muffle their annoying friends. So a "forwarded joke" can get flagged as spam even if it is from their cousin on a small local ISP. There is NO oversight in the process.
Utterly stupid.
I know this, because a local ISP that I help out sometimes coaxed the AOL people to forward the messages with headers so he could address the "problems" and get his mail server unblocked. The messages were personal emails, notes from friends, messages from people's own lawyers as well as normal spam.
I am not sure if they have given up caring if AOL-bound emails are blocked. But that's just about the only thing they can do.
Re:What does your average user need with 3 gigs/da (Score:1, Informative)
Terms of service != Legal
Re:Question... (Score:2, Informative)
Open the 'Network security' tab, and click the 'packet filter' button.
Create two new rules.
One that says 'Block outgoing mail', blocking all outgoing TCP connections on port 25 and pop up an alert whenever something tries to open a connection.
The second rule should explicitly allow your mail client(s) to send outgoing mail. Make sure this one's processed first (click up/down arrows until it ends up above the block-all rule).
Voila - Your computer is spam safe.
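The two-rule setup described in the comment above, modelled as an added example (not part of the original comment and not any firewall product's code). It assumes the filter is first-match with a default-allow policy; the program names and addresses are constructed. It shows why the allow rule has to sit above the block-all rule, and what the alert reports.

```python
from dataclasses import dataclass
from typing import Optional

SMTP_PORT = 25

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    port: int
    program: Optional[str] = None    # None matches any program
    alert: bool = False              # pop up an alert when the rule fires

@dataclass(frozen=True)
class Attempt:                       # one outgoing TCP connection attempt
    program: str
    dst_ip: str
    dst_port: int

def evaluate(rules, attempt):
    """First-match evaluation: return (action, rule name, alert text or None)."""
    for rule in rules:
        if rule.port != attempt.dst_port:
            continue
        if rule.program is not None and rule.program != attempt.program:
            continue
        alert = None
        if rule.alert:
            alert = f"{attempt.program} tried {attempt.dst_ip}:{attempt.dst_port}"
        return rule.action, rule.name, alert
    return "allow", "default", None  # assumed default policy: allow

ALLOW_CLIENT = Rule("Allow mail client", "allow", SMTP_PORT, program="mailclient.exe")
BLOCK_ALL = Rule("Block outgoing mail", "block", SMTP_PORT, alert=True)

# Constructed sample traffic (documentation addresses, hypothetical programs).
ATTEMPTS = [
    Attempt("mailclient.exe", "192.0.2.10", 25),
    Attempt("unknown.exe", "198.51.100.7", 25),
    Attempt("browser.exe", "203.0.113.5", 80),
]

def run(rules):
    return [evaluate(rules, a) for a in ATTEMPTS]

if __name__ == "__main__":
    for label, rules in (("allow first", [ALLOW_CLIENT, BLOCK_ALL]),
                         ("block first", [BLOCK_ALL, ALLOW_CLIENT])):
        print(label)
        for attempt, result in zip(ATTEMPTS, run(rules)):
            print("  ", attempt.program, "->", result)
```

With the rules in the wrong order, the mail client's own connection is blocked and alerted on, because the block-all rule matches before the allow rule is reached.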
Not quite (Score:2, Informative)
You are right, pushing the button leads to a spam report being sent to AOL, who then keep statistics on file for the spam's origin. If your IP gets "too many" reports compared to the volume of email you are sending, you will be blocked. But it's not normally a 1-for-1 type of deal. And if you're in the feedback loop, you get a copy of the spam report.
We've had days where we've received as many as 20 spam reports, yet we haven't been blocked yet, presumably because our volume was high enough and our track record good enough to be left alone.
We don't send spam. All our users subscribe (yes, on purpose) to receive our email. Yet you get people pushing the "Report Spam" button for many reasons:
- In AOL 9.0, there is not even a warning or a window asking to confirm the button press. You push the button, and any email you have selected is instantly reported as spam.
- They don't tell their users that spam reports are filed and that this may have adverse effects on the person sending the email. All they know is "I don't want email like this anymore." We go out of our way to remind our users in every email where they can go to cancel their account. Doesn't matter. (Keep in mind these people actually requested our email.)
- The "Report Spam" button is DIRECTLY NEXT TO THE DELETE BUTTON. This is fucking retarded. Combined with no warning when a spam report is filed, half the people filing reports are aiming for the delete button. (We know because we've asked for info about these people.)
Here's the best part.
AOL sends these spam reports to you if you are in the feedback loop. The idea is that you will act on them since you are not supposed to send that person any more email once they report you. But they delete the person's email address so you're SOL in most cases! Luckily for us, we're using a good list server that lets us embed the member ID of the user so we can cancel their account. But lots of times we'll get reports on various automated emails from our website that have no other ID aside from the now-erased email address.
All in all, AOL has their head up their ass.