Comcast Port 25 Blocks Result In Less Spam 381
Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from
their network, they decided to identify spammers and zombie relays on their
network and block
port 25 traffic from those IP addresses. Comcast's efforts are starting to
pay off. They announced the amount of spam from their network has dropped
35 percent since they began port blocking and
traffic estimates from SenderBase seem to confirm the claims. Spam coming
from Comcast subscribers who were formerly on AT&T networks also
seems to have decreased'."
Good job on the cut and pase (Score:5, Informative)
Something I've been wondering about though is SpamCop's yearly stats [cesmail.net]. Since April, spam reporting has been going down. Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled? I know on my mail server I've implemented some straight blacklist checks primarily using sbl-xbl.spamhaus.org [spamhaus.org] and it's been working great with no false positives. Some spam still gets through, but SpamAssassin usually catches it with other checks.
Re:Good job on the cut and pase (Score:2)
Re:Good job on the cut and pase (Score:3, Informative)
I started the year at 100/day... now rapidly closing in on 200/day. The only thing we block at the mail gateway is executable attachments (anything that is typically used by virus/worm such as EXE, VBS, SCR).
SpamBayes lets 1-2 slip through every few days.
2003-10 2950 - 94/day
2003-11 3225 - 108/day
2003-12 3775 - 122/day
20
Re:Good job on the cut and pase (Score:2, Interesting)
May 2004 17327 = 559/day
Apr 2004 17764 = 592/day
Mar 2004 14119 = 455/day
Feb 2004 11848 = 409/day
Jan 2004 9910 = 320/day
Dec 2003 10002 = 323/day
Nov 2003 8423 = 281/day
This includes viruses that my Bayesian filter is catching, but since most of those viruses are probably to install spam-viruses that's probably a fair classification. Anyway, I can't say that I've seen things drop off this month. Seems to be holding steady the last 3 months...
Maybe we can make comments li
Re:Good job on the cut and pase (Score:3, Insightful)
I know I have stopped reporting all my spam. It took too much time. Now I just target the ones that make it past my spam filters (OK, I have kind of given up on that too).
But I have noticed a drop in spam recently. Maybe spammers are on spring break.
Re:Good job on the cut and pase (Score:5, Interesting)
I wrote a perl script that I can pipe to from pine. It does a quick check with whois.abuse.net and forwards it off. Soon I may be adding whois.arin.net checks as well as traceroutes to track down the abuse e-mail contact.
It's real easy to pipe 200 messages to a script everyday before you leave for the day...
Have you tried SpamCop's "quick reporting"? (Score:5, Informative)
Re:Good job on the cut and pase (Score:3, Interesting)
Re:Good job on the cut and pase (Score:2)
Of course, any one e-mail address can't equal a scientific survey, but still...
Re:Good job on the cut and pase (Score:2)
I'm reporting less (Score:2, Insightful)
I'm happier with using good spam filtering (Spam Assassin/Spam Sieve) and just ignoring the problem. I see much less spam this way, compared to looking at each and every spam I report.
Re:Good job on the cut and pase (Score:5, Insightful)
Re:Good job on the cut and pase (Score:5, Interesting)
Same, but now I filter through and make sure I report all Comcast spam, since it may actually make a difference. I have definately seen a reduction in spam from comcast since the report. We receive many THOUSANDS of spam messages a day for less than two dozen email addresses over 2 domains. I don't even log virus hits anymore, they just delete. A couple hundred a day. I only report spam to known major ISPs. Over 97% of the traffic at our mail server is spam or viruses. Sad.
Regarding chinese/russian/korean spam, I just block several thousand class B IP blocks. Yes, this is not the best method, but then again, since I don't email anyone in China, etc, perhaps it is.
Also, any domain that sends spam, and doesn't have an abuse@ address is blacklisted instantly. Several small ISPs fit into this catagory. I will NOT fill out a form on a fucking web page to report spam. No abuse@, no access.
optonline and adelphia seem to be the worst about not responding to spam, and verizon is the WORST. God I hate them, for so many reasons. I have the least problems/repeats with spam from rr.com and aol.com, ironically.
I stopped reporting for two reasons (Score:2)
2. Spamcop got stricter and a simple copy and paste from the outlook express headers stopped working. At the time I was using spamcop I wasn't willing to switch email clients. Now thunderbird is almost up to par with everything I need.
But For How Long? (Score:5, Insightful)
Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?
I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.
- Greg
Re:But For How Long? (Score:5, Informative)
They can't, that the beauty of it. Standard SMTP servers listen on port 25, as defined in the RFC; with port 25 blocked, it's simply not possible for spam zombies to talk to normal SMTP servers, period.
Re:But For How Long? (Score:2)
I think the grandparent was being too depressed. Measures like this are about the only logical way to combat spam, short of having police raid everyone with a computer and force them to install patches, or sending them to the gallows if they're actually originating spam. And that isn't going to happen. So be happy that Comcast has done this, and hope that they'll continue to be diligent and block any work-arounds.
Re:But For How Long? (Score:5, Insightful)
Re:But For How Long? (Score:2)
Re:But For How Long? (Score:3, Insightful)
As each PC gets infected with the spambot, the first thing it does is try to contact a known SMTP server on the web. If it can get through, it sets up shop as normal, and opens up another port, lets call it port 12345 for now.
Now, if the spambot cannot contact the chosen SMTP server(might even go through a list of them), it starts scanning the internet for any IP listening on port 12345. If it finds an system operating on port 12345, it sends
Re:But For How Long? (Score:2)
I'm on comcast and I send mail using SMTP_AUTH through port 25 on my work server. I haven't been blocked yet. When I am I'll just switch to SMTP_AUTH over TLS/SMTP which is port 465. What would stop a virus from reading the registry to find the SMTP user/pass and port settings. The virus would then send mail as an authenticated user.
The network cannot protect itself against viruses with port filtering. Viruses on the I
Re:But For How Long? (Score:2)
Forgive what might seem like an ignorant question, but is it possible to forge a port number?
I don't even understand conceptually what that means, but I do know that just about everything can be done when people are inspired by other greed or boredom.
Re:But For How Long? (Score:3, Informative)
No. Think of a server listening on a port as waiter waiting next to window. Only requests coming in through that window will be served. Trying to talk to a window where the waiter is not will not be of use, since either there would be no waiter there or the waiter that is there wouldn't understand what you are asking.
Any solution to get round the problem would require hijaking a machine not in the blocked IP rang
Re:But For How Long? (Score:2)
Re:But For How Long? (Score:3, Interesting)
Which is good, because now the ISP has a central point where they can implement rate-limiting. Or at least maintain log files showing which users are sending large quantities of e-mail.
Even better, if the ISP forces SMTP authentication, it now becomes easy to tie a particular spam run back to an actual Comcast user account. Which gives the Comcast folks even more
Re:But For How Long? (Score:2, Informative)
You seem to be complaining that Comcast's spam blocking techniques don't stop the spread of worms. The block is designed to preve
Re:But For How Long? (Score:3, Insightful)
Somehow I doubt Comcast was trying to play anything but a small part in dealing with SPAM.
Re:But For How Long? (Score:3, Informative)
Re:But For How Long? (Score:3, Informative)
Re:But For How Long? (Score:5, Funny)
For the next week, I had to pack the area with fresh gauze 2-3 times a day, the used packing coming away from the wound tinted a sickly melange of yellowish-green and red.
That's more what I was thinking.
- Greg
P.S.: True story.
Re:But For How Long? (Score:5, Funny)
Re:But For How Long? (Score:3, Funny)
Jees. man. I agree.
though I suppose such mental imagery thrown randomly into a thread is an important element to a slashdot conversation
..otherwise youll never become desensitised to goatse guy...
Re:But For How Long? (Score:3, Funny)
Mycroft
OK, that's step 1... (Score:3, Interesting)
Once a few of these spammers have lost everything including the shirt on their backs then you'll see a serious drop in the number of people who think that spamming is a quick and easy path to riches.
Re:OK, that's step 1... (Score:5, Informative)
Although, it seems to me like it would be a nice project to send a Comcast truck around the neighborhood with a list of comprimised machines, armed with a laptop running an ethernet sniffer, then use that information to track down who's controlling the machines.
Only problem is that it probably leads to machines not within the reach of US-based subopaenas.
Re:OK, that's step 1... (Score:5, Funny)
Why would a legitimate businessman in the bulk e-mail industry use hacked machines? That'd be clearly illegal. Oh that's right, sometimes I forget, they're fucking scumbag criminals who would steal their parents' social security checks if they could get away with it.
Re:OK, that's step 1... (Score:2)
Re:OK, that's step 1... (Score:2)
You can't.
As nice as it would be, you really need to be -absolutely- sure you've got a spammer before you try to ruin their life with the court system.
Re:OK, that's step 1... (Score:5, Insightful)
Step 3 is take these selfish bastards to court.
Incoming or outgoing 25? (Score:4, Interesting)
I understand it's for spam-fighting and they only go after the uber-offenders...but it's definitely something to watch for since the ability to send mail (through the domains of our choosing if we own it) should be a fundamental feature of an ISP.
Re:Incoming or outgoing 25? (Score:5, Informative)
Furthermore, given that the court system has decided that it is entirely okay for ISPs to read their customers' mail at will, I don't necessarily want my confidential emails passing through, and being logged by, their mail server. Perhaps you don't particularly care about that but many people do. Yes, I know they can monitor my IP traffic any time they wish, but there isn't any reason to make it easy for them by just stuffing my messages onto their hard disks.
Fortunately, at this point Comcast has not chosen to simply block all SMTP transfers, just those from known abusers, so I don't really have a problem with that (for now.) But I do think that reducing or eliminating the capability of the Internet is not the way to solve problems like this, because once ISPs get in the habit of limiting what we can do with the network we will be hard pressed to get back the freedom we have now. I like the fact that any computer on the Internet can connect to any other and communicate in ways defined by the users of those machines. That fundamentally egalitarian aspect of the Internet is what makes the network so useful (and so scary to certain powerful people.) Allowing those that provide our connectivity the power to pick and choose how we communicate is a bad precedent, and one that we will regret. It won't be long, mark my words, when Port 25 access is simply GONE for anyone but a big corporation or Internet provider, unless you want to pay a monthly "SMTP access charge" or something similar. There's already been talk of charging for access to specific types of connectivity. Imagine having to pay an extra $5.00/month "Instant Messaging access charge" for ICQ users, or a "mandated RIAA maintenance fee" for P2P. Keep the damn ports open, block those systems that cause problems, and let the rest of us use the Internet in ways that benefit us.
A big dent (Score:5, Informative)
Kudos to them for doing a good job of it -- my home Internet connection is through Comcast, and I haven't experienced any trouble sending mail to my own SMTP server on another network. They could so easily have just gone the "all SMTP traffic must go to our hosts" route, but they're doing it the right way instead. Nice to see.
Re:A big dent (Score:2)
Absolutely! I have a mail server sitting on my Comcast account and I send and receive with it. It would have been a major pain if they blocked all SMTP traffic since they probably wouldn't relay my mail for the addresses on my domain. I would have had to route mail through another machine on another port which is a horrible solution. Eventually I'd end up havin
Re:A big dent (Score:2)
Incoming still comes direct to my machine, but I route through them. I figure if it's important enough that Comcast not see what I'm sending, I can use GPG.
flipside (Score:4, Insightful)
spammers aren't the only ones being blocked by spam prevention
Re:flipside (Score:3, Informative)
Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.
I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.
Sheesh. yourselves (Score:2, Flamebait)
Now does the mailserver "Provided by your ISP work? No, they block any IP not their own. Now if port 25 wasn't blocked you could use your own and avoid having to change the Client setup.
I have exactly this problem and have to pay $10 / year to have access to a smtp server that will allow me to log-in from any IP.
Re:Sheesh. yourselves (Score:3, Informative)
Sendmail supports client-side SSL certificates, as does Mozilla. KDE does not :-( But outlook, probably, does, and that's all that matters.
That your e-mail is protected from sniffing over the WiFi, while you send it, is just gravy.
Re:flipside (Score:4, Insightful)
The reason for that is obvious: it prevents the mail server from being used to relay spam. But it's also very frustrating if you want more flexbility and you're not a spammer. I don't know comcast's policy; perhaps they'll accept relaying from inside their network.
Re:flipside (Score:2, Informative)
Re:flipside (Score:5, Insightful)
Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.
I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.
No, thanks. I prefer my mail without random 24-48 hour delays and invisibly dropped messages. That's not how mail is "supposed to work."
Re:flipside (Score:5, Funny)
You mean that's not how _e-mail_ is supposed to work. I'm pretty sure that's exactly how regular old _mail_ is supposed to work, and the postal service is doing a great job of implementing that system, thank you.
Re:flipside (Score:3, Insightful)
SMTP certainly does not demand that all mail be sent through a higher-tier relay. Rather, SMTP was designed to provide diverse, peer-to-peer mail transaction facilities. It allows arbitrary hosts to exchange mail with their peers and this flexibility is what's let SMTP revolutionize communications!
Pretty much the only prerequisite condition for establishing a proper SMTP node is having a reliabl
Re:flipside (Score:4, Informative)
Re:flipside (Score:2, Informative)
Re:flipside (Score:2)
Lost Port 25 traffic (Score:3, Funny)
Now can we get un-blackholed? (Score:3, Interesting)
I have a little mail-server on the end of my cable line for my domain which has three mail accounts on it. I always find it immensely frustrating that my mail server is on MAPS DUL list and people who subscribe to MAPS block my mail.
It's not been a big enough issue that I've installed SASL for my postfix server, but it would be nice to get off the list.
Re:Now can we get un-blackholed? (Score:4, Informative)
One of the tactics that pretty much -all- DNSBLs (and even some ISPs wholesale - like Comcast, incidentally) is to simply not receive email from dial-up type networks. Comcast's consumer-level cable modem service really is no better than dial-up service from a certain point of view (ie. every j6p is able to use it - and they aren't exactly concerned about security).
The odds of a cable modem network getting out of MAPS is as likely as my winning a million bucks tomorrow - nil.
AT&T - Comcast (Score:5, Informative)
Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased.
Seems as as we are *still on* an ATTBI network. I was originally an ATTBI subscriber, and the Comcast transition occured many months ago. Interestingly enough, my rDNS still resolves to:
[ip].[state].client2.attbi.com
Seems awfully odd that this remais.. one would think, at least for the sake of the brandname, that this would be reporting comcast.net
Less Spam (Score:3, Funny)
Why just the port? (Score:5, Insightful)
1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.
2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".
Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!
Re:Why just the port? (Score:4, Insightful)
Actually contacting people costs money because a human has to pick up the phone. Terminating their service costs money for obvious reasons, and charging them for a dubious "service" is likely to get your customer angry at you and waste time and money in calls to your help line.
In the short term, automated blocking and letting the user ride along is blissful ignorance is the only viable strategy. Isn't capitalism great?
Re:Why just the port? (Score:2, Funny)
Re:Why just the port? (Score:5, Funny)
I don't know about you, but I have been responding to all the "Increase your Penis" ads, and now my wang is so big, I had to buy new pants. Thanks to all those guys in Africa, I have more money in my bank account than I could hope for. I used it to buy stocks based on tips that these guys have been sending me, and have doubled my money in a week every time. Of course, it doesn't really matter, because I am buying software for 80% off retail, get people sending me really cool screen savers for free, and refinanced my home at unheard of interest rates.
Now I'm getting tons of email from girls that want me to meet them and their coed girlfriends, so the new, bigger penis will come in handy. I even ordered some discount Viagra so I can keep it going all night. I think what really impressed them was my new university diploma, that I received for my lifelong accomplishments.
Gotta run, looks like someone just sent me a greeting card. Hope its one of the hot college chics. I still don't see what all the fuss is about...
Agreed (Score:2, Interesting)
Re:Why just the port? (Score:3, Informative)
'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses.
Comcast blocking me.... (Score:2)
Really! It looks like the equipment they provide now is pure junk. Before it was rock solid, now it goes down many times per day and the only solution is to pull the power connector.
But seriously, why has the spam from Comcast not fallen further? Is Comcast only running a trial on part of its network?
I'm still seeing lots of Comcast IP addresses blocked by using the XBL.spamhaus.net RBL -- how is
Re:Comcast blocking me.... (Score:2)
I might as well sign up with AOL... (Score:4, Interesting)
Re:I might as well sign up with AOL... (Score:3, Informative)
I know you don't care about the worm activity, but it costs the ISPs a lot of money to be hauling that traffic.
Re:I will also be switching from Telus (Score:3, Insightful)
Which is a problem with the
Blocking connects from broadband subscribers (Score:5, Interesting)
The results are truly staggering. I have cut the incomimg spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages ... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client _restrictions is turned off for the abuse account.
I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.
Re:Blocking connects from broadband subscribers (Score:2)
I'd have to track them down and kill them :-). Actually, postmaster and abuse are two accounts that every domain has, but they hardly ever get spam, because spammmers are afraid of us (insert demonic laugh here). Or perhaps it's just because they know that we will trace them back and report them, since we can read email headers better than your average user.
If anything I'm seeing more spam (Score:3, Insightful)
Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.
Disable their Internet connection (Score:5, Insightful)
There is no excuse for not securing your computer. If people don't want to take the half hour it takes to learn how to download and run adaware, S&D, and/or an antivirus program, they should NOT be allowed to connect to the internet. Is this so unreasonable?
Re:Disable their Internet connection (Score:3, Insightful)
Then there is the liability if they do it wrong and destroy more data on the computer of said moron user. It is just a whole mess that would not get the IS
Let's look at some numbers (Score:4, Informative)
Looking at Comcast's IPs appearing on realtime blocklists, today:
CBL: 17132 (Comcast is 1.3% of CBL)
WPBL: 4779 (Comcast is 9.6% of WPBL)
Compared to the number of Comcast IPs that were spam sources two tweeks ago (19897 and 5199) it does appear that there are fewer Comcast spam sources. However the overall proportion of Comcast IPs in the entire lists haven't changed much from (2% and 10%)
meanwhile, Comcast's SMTP server is slow as hell (Score:5, Insightful)
Actually, I have been sending all my mail through Comcast's SMTP server for a while now, because AOL blocks mail directly from my (semi-)dynamic IP address. So, if I want to send mail to AOL users (well, the rest of the family using the SMTP server), I have to send it through Comcast's slow-as-hell mail server.
When I send mail to Gmail, for example, directly from my server, it takes just a few seconds to appear in my inbox, but when I forward it through Comcast, it often takes an hour or more.
Now, this is not completely Comcast's fault, AOL is to blame as well. It really pisses me off that I lose the speed and privacy that comes with having my own SMTP server just because the big providers can't figure out any ways to deal with spam. Fun.
Andrew
I've noted a recent increase in spam. (Score:3, Interesting)
There isn't really all that much you can do about being joe-jobbed, 9 times out of 10 the "admins" for the zombified machine doesn't understand that I'm not the spammer, eventhough I received the bounce for the spam.
Anyone have any good results at trying to get a joe-job to stop?
Re:I've noted a recent increase in spam. (Score:3, Informative)
Second, configure SPF records [pobox.com] for all of your domains. It may not help today, but an increasing number of mailservers are rejecting mail that fails SPF validation.
Third, learn to love your access file. Mine contains lines like:
The comcast USERS get it even worse (Score:3, Interesting)
If only MY ISP would read this... (Score:3, Informative)
Note to Cablevision.... I still get lots of spam, it just sits on YOUR disk instead of mine... way to go guys!
Comcast is behind the times. (Score:3, Informative)
It works so well that... (Score:3, Funny)
Oh wait, it's probably just down again.
less spam isnt acceptible, the only answer is NONE (Score:5, Interesting)
Apparently Spews [spews.org] thought nuking the dynamic users wasnt enough, and blacklisted all of their dynamic space plus most of their corporate servers as well.
One of these days Spamcast will wake up and realize that a huge chunk of the internet has blackholed them. I only wonder how many months or years it will take for the clue to sink in.
That's interesting (Score:3, Interesting)
my daily spam count dropped by nearly 50% today (Score:3, Funny)
thanks comcast. you bastards.
Now that almost everyone has ~24 hour connectivity (Score:5, Interesting)
Why not move to use "instant messaging" methods of direct connectivity between the sender and recipient, and only falling back to server storage when necessary?
This allows for much better knowledge of successful/failed delivery.
It may move more control of message reception to the recipients, allowing them to implement extra protections. For example, requiring arbitrary/configurable amounts of computation on the behalf of the sender to send them a message (increasing the cost of a message send) (unless ofcourse the sender is on a white list of known correspondents).
Is any such transition feasible in the near future?
ALL ISP's should be filtering port 25 (Score:4, Insightful)
You can bet that Comcast has only done this in response to lots of responsible ISPs starting to wholesale-block all port 25 traffic from their IP space. RBLs continue to be not only the most effective method of stopping spam, but also the only effective method of forcing ISPs to control the rogue behavior of their users.
Re:ALL ISP's should be filtering port 25 (Score:5, Interesting)
The blocking of outbound port 25 (Which Cox has been doing for years) is the begining of the end of the internet.
When ISPs start deciding what their customers can and can't do on the internet, it's the end of everything. Every ISP will just become an small island of service. What next? Block 21? Hey how about blocking everything but 80? But wait, zombie mail relays can be setup on any port, so set them up on 80, now Comcast can't block outbound 80 can they?!?!? So it solves nothing in the long run.
I need port 25 open so that I can send email through my workplace server. In order to do that I now have to send mail to a third party server at port 2525 and SPOOF the return address. But what happens when spoofing is no longer allowed?
Whiolesale blocking of port 25 is a lazy, destructive answer to the problem. It may stop the flow of zombie machine spam in the short term, but it also seriously harms legitimate users of their network.
At least Comcast has the sense to block it for identified zombie machines and not for every IP they own like COX.
not everyone needs access to external servers (Score:3, Insightful)
for the 1 or 2% of the users who really need access to external SMTP servers comcast could set up a "white list" to allow them such access.
in other words, what comcast is doing is firewalling in behalf of their users since most of them have no idea what a firewall is.
They won't be able to stop at 25 (Score:3, Interesting)
But wait, were you telnetting *from* 25? Of course not. Yet, somehow, it still worked (likely only if your "rcpt to" entry had a local domain).
Malware can use any port they want to relay from a zombie box to smtp.openSmtpRelay.com 25 as well.
Another thread on this
It's issues like those described in that thread that'll help ultimately bring down spams. Telling malware writers to use another port, which is all Comcast's doing, as others have pointed out, will just have ISPs blocking ports until there are no more ports to block.
Relaying is not a workaround... (Score:5, Informative)
Look at it like this:
With two computers, I've got twice the bandwidth as one computer, and so can send twice the spam.
But with one computer relaying through the other, the bandwidth of that computer is now irrelevant, everything has to go through the relay. Instead of having a relay, it's more efficent to just send the spam from the relay.
Relaying doesn't fix the problem for spammers. And your idea about originating ports is useless, because they're blocking based on destination port, not originating port. Nobody gives a shit about originating port, for almost any protocol. If you want to send spam to ISP's, then you have to connect to SMTP servers to send your spam to, and you have to connect on the port they use, which is port 25 by convention. You cannot work around that fact.
Re:Does Bittorent need that port? (Score:5, Informative)
Re:Does Bittorent need that port? (Score:2)
Anyway, the BitTorrent clients I've used have by default used ports 6889-6989, or thereabouts.
Re:Yea right... (Score:3, Informative)
Not only can you not read the article, you can't even read the story text.
Here, I'll help you:
"spam from their network has dropped 35 percent"
The important thing is HOW MANY OF THOSE 500 ARE FROM COMCAST'S NETWORK?. Also, compare that to your 2 months ago rates of spam coming from comcast's network.
Come on, how hard is it REALLY to read THE TEXT ON SLASHDOT?
RTFA (Score:2)
Re:What a crock0sheet (Score:5, Informative)
relays.ordb.org
bl.spamcop.net
list.dsbl.org
xbl.spamhaus.org
I've got all six of them running on my company's mail server. It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive. That way, I can whitelist the sender and sometimes help them if they have an open relay and didn't know it. I've had one false positive in the last year. That's for 50 users in my company, some of which post their email address everywhere and use it in Banzai Buddy forms. ~90% of spam destined for valid mailboxes is blocked. Not bad considering it's free, easy to set up, and maintenance free.
-Lucas
I don't get it (Score:3, Insightful)
All the problems we're having are precisely _because_ of the open and unregulated way the Internet was. The Internet was designed on the assumption that everyone will be nice, stick to the RFCs religiously, etc. Noone put much thought into the "well, what if they don't?" part. That's the worst design anti-pattern possible and the nemesis of security.
And unsurprisingly that shiny-happy-optimistic approach has failed again and again. E