Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comcast Port 25 Blocks Result In Less Spam

timothy posted more than 10 years ago | from the choke-it-off dept.

Spam 381

Dozix007 writes "Ars Technica reports that: 'After Comcast finally owned up to the massive amounts of spam coming from their network, they decided to identify spammers and zombie relays on their network and block port 25 traffic from those IP addresses. Comcast's efforts are starting to pay off. They announced the amount of spam from their network has dropped 35 percent since they began port blocking and traffic estimates from SenderBase seem to confirm the claims. Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased'."

cancel ×

381 comments

Sorry! There are no comments related to the filter you selected.

Just wanted to let you know: (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9576803)

I've got a greased up Nick Berg head shoved up his decapitated body's ass!

LOL, that's a good troll, but... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9577213)

Fuck you and your /. trolling faggotry. Girls all the way! That's right, while I've been sitting in the IP-ban corner for the last three weeks, I've discovered females. FEMALES. The things you sometimes see on the internet touching their sexy bodies in attractive ways. The real things are squishy and smell nice, and are generally great to be around. Really. Take a shower and clean your teeth, go outside and maybe you'll find one. I don't need no gay Slashdot and gay trolling, trolling is for fags and losers, and you are all fags and losers. Fuck Slashdot, fuck trolling, fuck you. Suck on it, you faggots. Fuck you.

Good job on the cut and pase (5, Informative)

Anonymous Coward | more than 10 years ago | (#9576809)

Here's the actual Ars Technica story [arstechnica.com] that wasn't linked, but copied and pasted as the Slashdot story.

Something I've been wondering about though is SpamCop's yearly stats [cesmail.net] . Since April, spam reporting has been going down. Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled? I know on my mail server I've implemented some straight blacklist checks primarily using sbl-xbl.spamhaus.org [spamhaus.org] and it's been working great with no false positives. Some spam still gets through, but SpamAssassin usually catches it with other checks.

In Other News... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9576932)

..Cutting off one of your testicles reduces your sperm count!

Re:Good job on the cut and pase (1)

neonstz (79215) | more than 10 years ago | (#9576938)

My email account at work used to get about 100 spams/day earlier this year, now it's down to 60-70. (This is the spams that hits the spam filter, only 2-3 slips through each day).

Re:Good job on the cut and pase (2, Informative)

WuphonsReach (684551) | more than 10 years ago | (#9577193)

My email account at work used to get about 100 spams/day earlier this year, now it's down to 60-70. (This is the spams that hits the spam filter, only 2-3 slips through each day).

I started the year at 100/day... now rapidly closing in on 200/day. The only thing we block at the mail gateway is executable attachments (anything that is typically used by virus/worm such as EXE, VBS, SCR).

SpamBayes lets 1-2 slip through every few days.

2003-10 2950 - 94/day
2003-11 3225 - 108/day
2003-12 3775 - 122/day
2004-01 3250 - 105/day
2004-02 3600 - 124/day
2004-03 4150 - 134/day
2004-04 5150 - 172/day
2004-05 5450 - 176/day
2004-06 6250 - 208/day

Oops, we just crossed the 200/day mark. And that's just my own work e-mail address, which doesn't count all of the other users.

We won't truly see the impact of the Comcat move until at least the end of July.

Re:Good job on the cut and pase (3, Insightful)

JumperCable (673155) | more than 10 years ago | (#9576945)

Is it simply fewer people reporting/people reporting fewer spam, or is it a sign that actual spam is going down or at least being better handled?

I know I have stopped reporting all my spam. It took too much time. Now I just target the ones that make it past my spam filters (OK, I have kind of given up on that too).

But I have noticed a drop in spam recently. Maybe spammers are on spring break.

Re:Good job on the cut and pase (3, Interesting)

silentbozo (542534) | more than 10 years ago | (#9576975)

I think it's fewer people reporting spam. My spam count has increased (400+ a day), but I gave up reporting to SpamCop a number of months ago because I couldn't keep up. I emptied my held mail a few weeks ago, and had 6000+ messages on the system. I know SpamCop has been throwing away the older ones that I haven't gotten around to reporting/cleaning out, because I store a local copy of the mail going to SpamCop and I've archived WAY more than that...

Re:Good job on the cut and pase (1)

MinutiaeMan (681498) | more than 10 years ago | (#9577049)

It's got to be that fewer spam messages are being reported. I've noticed lately that the amount of spam I've received has been slowly going UP, from around 80 junk messages per day to around 100.

Of course, any one e-mail address can't equal a scientific survey, but still...

Re:Good job on the cut and pase (1)

AaronW (33736) | more than 10 years ago | (#9577080)

I'm a paying SpamCop reporter. It's just starting to get too expensive to keep reporting. I'll probably keep it up for a bit, but that 16MB quota disappears awfully fast now. Hopefully Comcast cleaning up its act will reduce the spam load significantly.

I'm reporting less (2, Insightful)

mr_rangr (311899) | more than 10 years ago | (#9577136)

I have a paid SpamCop account. I used to report everything, but it just takes too much time and the amount of spam continues to rise. I will not be renewing my SpamCop account once it expires next April.

I'm happier with using good spam filtering (Spam Assassin/Spam Sieve) and just ignoring the problem. I see much less spam this way, compared to looking at each and every spam I report.

FP! (-1, Troll)

LittleLebowskiUrbanA (619114) | more than 10 years ago | (#9576813)


About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY?
Are you a NIGGER?
Are you a GAY NIGGER?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

* First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE and watch it. You can download the movie (~130mb) using BitTorrent.
* Second, you need to succeed in posting a GNAA First Post on slashdot.org, a popular "news for trolls" website.
* Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.

Re:FP! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9576870)

I'm a USian and I take offense at your use of the word "American".

You not only offend USians you offend Cannadians and Mexians who are north Americans but not USians.

So please refrain from calling yourselfs "American" unless you intend to represent the two American contanents.

Re:FP! --- WTF (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9576896)

I think this guy's account's been hijacked... He had good Karma and on-topic posts, now this.

But For How Long? (5, Insightful)

gbulmash (688770) | more than 10 years ago | (#9576817)

Those numbers are all really nice, but isn't this just putting one of those little dot band-aids on a stab wound? It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block? How long until new worms are traversing the net, creating worldwide bottlenecks, pinging out from newly zombied PCs to find the latest Windows vulnerability and install themselves?

Better yet, what if these zombied spambot-infected PC's have been creating a shadow P2P network so their makers can quickly and easily install patches, or send out network-wide commands to their armies of zombies? How long will the port 25 block remain effective then?

I give Comcast all sorts of kudos for doing something to try to staunch the spam spurting from their digital arteries, but I don't see this working in the long term.

- Greg

Re:But For How Long? (0)

Anonymous Coward | more than 10 years ago | (#9576845)

"spam spurting from their digital arteries"? Are you saying spam is the fluid of life, without which comcast will not survive?

Re:But For How Long? (0)

Anonymous Coward | more than 10 years ago | (#9576916)

Oh... maybe ;)
-orangesquid

Re:But For How Long? (5, Funny)

gbulmash (688770) | more than 10 years ago | (#9576941)

"spam spurting from their digital arteries"? Are you saying spam is the fluid of life, without which comcast will not survive?
A few months ago, I had a bad staph infection in the groin. One morning, as I walked into the bathroom, a portion of it burst. Suddenly the bathroom floor was splattered, a puddle of blood and pus at my feet, more of it dribbling down my leg.

For the next week, I had to pack the area with fresh gauze 2-3 times a day, the used packing coming away from the wound tinted a sickly melange of yellowish-green and red.

That's more what I was thinking.

- Greg

P.S.: True story.

Re:But For How Long? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9577004)

Thanks for sharing!

Re:But For How Long? (4, Funny)

FlyingOrca (747207) | more than 10 years ago | (#9577039)

OK, I've got the mod points, now where's "-1, Too Informative"? ;-p

Re:But For How Long? (0)

Anonymous Coward | more than 10 years ago | (#9577045)

modded "Informative", hehe.

PS: you set up the whole thread, including the anonymous reply, didn't you?

Re:But For How Long? (4, Informative)

rsmith-mac (639075) | more than 10 years ago | (#9576851)

It seems to work for a while, but how long before the spambot authors come up with a way around the port 25 block?

They can't, that the beauty of it. Standard SMTP servers listen on port 25, as defined in the RFC; with port 25 blocked, it's simply not possible for spam zombies to talk to normal SMTP servers, period.

Re:But For How Long? (1)

irokitt (663593) | more than 10 years ago | (#9576917)

So, anyone think there might be a IIS or Linux vulnerability that could change that?

I think the grandparent was being too depressed. Measures like this are about the only logical way to combat spam, short of having police raid everyone with a computer and force them to install patches, or sending them to the gallows if they're actually originating spam. And that isn't going to happen. So be happy that Comcast has done this, and hope that they'll continue to be diligent and block any work-arounds.

Re:But For How Long? (4, Insightful)

Baron_Yam (643147) | more than 10 years ago | (#9576927)

Which is why (some) Windows users learned to hide behind NAT or disable their Messenger service - because some spammers moved on from email to direct popups on the desktop.

Re:But For How Long? (1)

irokitt (663593) | more than 10 years ago | (#9576956)

Which is less of a problem provided you de-activate Messenger (the network service, not the chat program).

Re:But For How Long? (2, Insightful)

Sylver Dragon (445237) | more than 10 years ago | (#9577109)

Let's just toss out an idea (poorly formed), but might work.
As each PC gets infected with the spambot, the first thing it does is try to contact a known SMTP server on the web. If it can get through, it sets up shop as normal, and opens up another port, lets call it port 12345 for now.
Now, if the spambot cannot contact the chosen SMTP server(might even go through a list of them), it starts scanning the internet for any IP listening on port 12345. If it finds an system operating on port 12345, it sends some sort of test string to that IP/port. The listening server responds with some pre-determined code. Once the originating system receives the expected response, it starts sending all of its email out using the other system as a proxy. Thus doubling the amount of bandwidth used on the proxy, but allowing the spambot to function on a "protected" computer.
Lastly, the proxy server should only allow a few connections, to keep from saturating the bandwidth available to it.
Granted, this isn't a whole solution around the port 25 block, but it may be a start of how it might be done, and something to watch for. Personally, I'm all in favor of ISP's blocking outbound port 25, and only opening it for those who request it specifically. My current ISP does this, and I'm perfectly happy with it.

Re:But For How Long? (1)

Shishak (12540) | more than 10 years ago | (#9577178)

Or, the virus could read the registry and use the smtp server defined in Outlook.

I'm on comcast and I send mail using SMTP_AUTH through port 25 on my work server. I haven't been blocked yet. When I am I'll just switch to SMTP_AUTH over TLS/SMTP which is port 465. What would stop a virus from reading the registry to find the SMTP user/pass and port settings. The virus would then send mail as an authenticated user.

The network cannot protect itself against viruses with port filtering. Viruses on the Internet are the same as in biology they will adapt and work around any blocks you put into place.

Re:But For How Long? (1)

Glowing Fish (155236) | more than 10 years ago | (#9577125)

Forgive what might seem like an ignorant question, but is it possible to forge a port number?
I don't even understand conceptually what that means, but I do know that just about everything can be done when people are inspired by other greed or boredom.

Re:But For How Long? (1)

SCHecklerX (229973) | more than 10 years ago | (#9577192)

All they would need to to is smart-relay through the ISP's servers. Probably not all that hard to rewrite the zombies to do that, you know.

Re:But For How Long? (0)

.pentai. (37595) | more than 10 years ago | (#9576867)

If access to my machine's port 25 is blocked up-stream from me, how can I work around this?

I could, of course, use another port! I mean they can't block ALL incoming messages, and it wouldn't be that hard to write a program to send mail via a slave at a port OTHER than 25...

Re:But For How Long? (3, Informative)

Anonymous Coward | more than 10 years ago | (#9576890)

It's not access to your machine's port 25 that is blocked. It is access from your machine to port 25 on other systems.

Re:But For How Long? (2, Informative)

MntlChaos (602380) | more than 10 years ago | (#9576913)

You misunderstand. They block connections from their network to port 25 on any machine except their mail servers. Thus any slave computers can't send out e-mail without it hopping past their servers (and likely a quick phone-call from their abuse department).

Re:But For How Long? (1)

NelsChristian (66295) | more than 10 years ago | (#9576947)

Access to your trojaned machines port 25 is not blocked. Access from your machine to port 25 anywhere is blocked. They don't block incoming connections, they block outgoing connections.


Thus, a hijacked PC on the Comcast network will not be able to contact any SMTP server of interest to the spammer.

Re:But For How Long? (1)

silentbozo (542534) | more than 10 years ago | (#9577005)

Thus, a hijacked PC on the Comcast network will not be able to contact any SMTP server of interest to the spammer.

Unless they do it via a trojaned proxy that is accepting SMTP connections from a non-standard port, or unless they are using their zombies to attack web-side mailing scripts in order to take over and use the webserver's local mail system to send out spam. Having been on the receiving side of multiple attempts to take over my mail forms (unsuccessful so far), I have to say, they're damned annoying.

Re:But For How Long? (0)

Anonymous Coward | more than 10 years ago | (#9576873)

These little band-aids and steri-strips are fucking effective. try them out!

Re:But For How Long? (2, Informative)

Hrolf (564645) | more than 10 years ago | (#9576967)

To the extent that Comcast can keep up with finding zombie PCs for which they provide Internet service, blocking port 25 will guarantee that zombie PCs on Comcast's network will not send spam. It's quite simple: in order to send e-mail, you must connect to a server listening on port 25 for the simple reason that that's where the receiver's SMTP server is listening by convention [iana.org] .

You seem to be complaining that Comcast's spam blocking techniques don't stop the spread of worms. The block is designed to prevent the worm from sending spam. If you want someone to whom to complain about the spread of worms, you might want to direct your anger at the blameworthy [microsoft.com] .

Does Bittorent need that port? (0, Interesting)

Anonymous Coward | more than 10 years ago | (#9576827)

I am with comcast and the last 2 days I can't get at all to bittorent downloads. Does bittorent needs port 25?

In the last few months I didn't have a problem btw, only the last few days.

Re:Does Bittorent need that port? (4, Informative)

sploo22 (748838) | more than 10 years ago | (#9576849)

No, port 25 is used solely for sending email. It has absolutely nothing to do with BitTorrent. Not only that, but Comcast is only blocking it for spammers and open relays.

Re:Does Bittorent need that port? (1)

IthnkImParanoid (410494) | more than 10 years ago | (#9576855)

Err, do you spam or have an 0wned box? I think that's the only way you'd need to worry.

Anyway, the BitTorrent clients I've used have by default used ports 6889-6989, or thereabouts.

Re:Does Bittorent need that port? (1)

NSash (711724) | more than 10 years ago | (#9576856)

Does bittorent needs port 25?

No. You may specify any port (or range of possible ports) for BitTorrent.

Slashdot Quiz (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9576836)

Do you have a Biblical world view? Take this Slashdot quiz.
  1. Do you believe absolute moral truths exist?
  2. Is absolute truth defined by the Bible?
  3. Did Jesus Christ live a sinless life?
  4. Is God the all-powerful and all-knowing Creator of the universe, and does he still rule it today?
  5. Is salvation a gift from God that can't be earned?
  6. Is Satan real?
  7. Does a Christian have a responsibility to share his or her faith in Christ with other people?
  8. Is the Bible accurate in all its teachings?

[disclaimer: I have a Biblical world view.]

Re:Slashdot Quiz (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9576871)

1. Your mom exists
2. Your mom is defined by the Bible
3. Your mom didn't live a sinless life
4. Your mom rules the universe today
5. Your mom is a gift from God that can't be earned
6. Your mom is real
7. Your mom has a responsibility to share his or her faith in Christ with other people
8. Your mom is accurate in all its teachings

Yea right... (-1, Redundant)

Kenja (541830) | more than 10 years ago | (#9576859)

Over 500 spam messages so far today on a domain I've had since the mid 90s. This is about normal and what I've come to expect at this point.

Re:Yea right... (2, Informative)

batkiwi (137781) | more than 10 years ago | (#9576942)

Not only can you not read the article, you can't even read the story text.

Here, I'll help you:

"spam from their network has dropped 35 percent"

The important thing is HOW MANY OF THOSE 500 ARE FROM COMCAST'S NETWORK?. Also, compare that to your 2 months ago rates of spam coming from comcast's network.

Come on, how hard is it REALLY to read THE TEXT ON SLASHDOT?

Re:Yea right... (2)

tarquin_fim_bim (649994) | more than 10 years ago | (#9577022)

This is about normal

The unfortunate truth is that we have come to accept wholesale abuse of our collective inboxes as 'normal', SMTP is woefully inadequate, the next time saving technological advance will probably be the rediscovery of pen, paper and stamps.

OK, that's step 1... (2, Interesting)

WIAKywbfatw (307557) | more than 10 years ago | (#9576875)

Step 2 is to take these selfish bastards to court. They were clearly breaching the terms and conditions of their accounts, so proving a case against them won't take more than five minutes.

Once a few of these spammers have lost everything including the shirt on their backs then you'll see a serious drop in the number of people who think that spamming is a quick and easy path to riches.

Re:OK, that's step 1... (5, Informative)

cmowire (254489) | more than 10 years ago | (#9576900)

The problem is those machines aren't actually the spammer, they are comprimised machines that the spammer is controlling.

Although, it seems to me like it would be a nice project to send a Comcast truck around the neighborhood with a list of comprimised machines, armed with a laptop running an ethernet sniffer, then use that information to track down who's controlling the machines.

Only problem is that it probably leads to machines not within the reach of US-based subopaenas.

Re:OK, that's step 1... (1)

Vaevictis666 (680137) | more than 10 years ago | (#9576905)

Keep in mind that the blocks are on what are very likely zombied, trojaned, infected machines and that the users/owners of said machines dont even realize it.

Re:OK, that's step 1... (1)

paitre (32242) | more than 10 years ago | (#9576906)

Ok. Now how to you distinguish between innocent bystanders (ie. the zombie relay folks) and the fartknockers actually doing the spamming?

You can't.

As nice as it would be, you really need to be -absolutely- sure you've got a spammer before you try to ruin their life with the court system.

Re:OK, that's step 1... (4, Insightful)

stefanlasiewski (63134) | more than 10 years ago | (#9577017)

Step 2 is finding the spammers, since it's likely that most of these spam machines are comprimised machines running windows, the machine's owners are probably oblivious that their home machine is sending Spam.

Step 3 is take these selfish bastards to court.

Incoming or outgoing 25? (4, Interesting)

Anonymous Coward | more than 10 years ago | (#9576877)

I suppose it's port 25 outgoing, right? The same one that Earthlink has blocked for ages. (not sure if they still do) The same one that won't let you send SMTP mail with a different domain even if you owned the domain name?

I understand it's for spam-fighting and they only go after the uber-offenders...but it's definitely something to watch for since the ability to send mail (through the domains of our choosing if we own it) should be a fundamental feature of an ISP.

Port 587 (0)

Anonymous Coward | more than 10 years ago | (#9576911)

Or 465. There are alternatives for sending authenticated and encrypted email to third party, non-ISP mail servers. We should work on grandfathering port 25 for mail senders and leave 25 only for server to server traffic.

Re:Port 587 (0)

Anonymous Coward | more than 10 years ago | (#9576960)

And how many mail servers listen on those ports?

Re:Port 587 (0)

Anonymous Coward | more than 10 years ago | (#9576972)

Mine do. If your's doesn't, do it or request your admin do it. If you're paying someone to handle your mail, they should listen else you might go elsewhere.

Re:Incoming or outgoing 25? (-1, Flamebait)

orangesquid (79734) | more than 10 years ago | (#9576987)

Comcast != ISP

Comcast == IFP :== Internet Filter Provider

Re:Incoming or outgoing 25? (0)

Anonymous Coward | more than 10 years ago | (#9577008)

The same one that won't let you send SMTP mail with a different domain

That's completely wrong.

I have Earthlink DSL at home and I have never had a problem sending email through their servers, with my work email address in the "from" field. I've been doing it for years - and did it as recently as this morning. The only catch is that outgoing mail *must* be directed through their servers - which is not a problem.

They're only doing this so that they *could* identify spammers if they wanted to. Since they already know who you are since you authenticated and logged on in order to use the network - they are now able to trace you back through their mailservers if they had any need to (a simple correlation of the mail sender IP vs the user's IP when they logged on).

Re:Incoming or outgoing 25? (1)

wwrmn (42399) | more than 10 years ago | (#9577081)

Well I certainly HOPE it's outbound, that's all that makes sense. I was a DirecTV-DSL subscriber running my personal domains when they 'got out of the business'. When I came up on Earthlink, I was greeted by that same port 25 outbound block:
# echo "relayhost = mail.earthlink.net" >>/etc/postfix/main.cf
Works for me... If I'm a spammer or have a mis-configured MTA that allows open relay, I would totally understand them blocking me. My neighbor I allow to slurp off my DSL via WIFI runs XP and I found I was blocking port 25 traffic from him! If he was still using their dialup (or broadband) and they didn't have that block in place, he'd have been the classic '70 yr old running a spam relay'.
He now understands the joys of AV and Spyware, and LOVES mozilla.

I'd much rather the IP space I'm living on not end up on a RBL and live with the thought they *might* be reading the mail sent from my domain.

I can't fold tin-foil well enough to create a fashionable hat.

What a crock0sheet (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9576878)

I'm calling bullshit on that story. Spamcast IPs are still hammering the piss out of my mail server.

Re:What a crock0sheet (0)

Anonymous Coward | more than 10 years ago | (#9577016)

Just a thought...send the list of IPs to abuse@comcast.net?

Re:What a crock0sheet (0)

Anonymous Coward | more than 10 years ago | (#9577084)

You're kidding, right? abuse@* don't pay attention to anyone but the FBI and RIAA. Sometimes not even the FBI.

Re:What a crock0sheet (0)

Anonymous Coward | more than 10 years ago | (#9577122)

I could try to log it, but I got more important stuff to do. Like block wanadoo and verizon and swbell and roadrunner and adelphia and mindspring and hinet and all the other DSL providers in the world. I'm about ready to pull the plug on the mail server and just tell people to call me on the phone. E-mail is about useless any more.

And did you ever get any response from any ISP's abuse@ email? Seriously, I used to believe in that fairy tale too, but in the real world abuse@ emails either bounce or go to /dev/null.

A big dent (4, Informative)

koreth (409849) | more than 10 years ago | (#9576879)

I noticed a big drop in the daily message traffic to my mail server (which receives about 85% spam, last I checked) around the time Comcast put their policy in place. It seems like about a 25-30% drop in overall message traffic, which is in line with the numbers they quote.

Kudos to them for doing a good job of it -- my home Internet connection is through Comcast, and I haven't experienced any trouble sending mail to my own SMTP server on another network. They could so easily have just gone the "all SMTP traffic must go to our hosts" route, but they're doing it the right way instead. Nice to see.

Re:A big dent (1)

egarland (120202) | more than 10 years ago | (#9577094)

They could so easily have just gone the "all SMTP traffic must go to our hosts" route, but they're doing it the right way instead. Nice to see.

Absolutely! I have a mail server sitting on my Comcast account and I send and receive with it. It would have been a major pain if they blocked all SMTP traffic since they probably wouldn't relay my mail for the addresses on my domain. I would have had to route mail through another machine on another port which is a horrible solution. Eventually I'd end up having to change ISP's which would be quite painful.

Kudo's for making an effort to not break email for those of us who don't use their email system.

Tautology (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9576882)

In other news: Cutting off one of your testicles reduces your sperm count!

Well shit on me. Who'da thought it?

Yours, The Coward.

flipside (4, Insightful)

name773 (696972) | more than 10 years ago | (#9576886)

this is grand and all, but i run my own mailserver (merely to get a 5gig inbox and the username i want), and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.
spammers aren't the only ones being blocked by spam prevention

Re:flipside (3, Informative)

prockcore (543967) | more than 10 years ago | (#9576939)

and since it's on a residential cable line (dynamic address), aol, rr.com, and email.com all reject my e-mails. and no, i never send spam.

Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

I'm always amazed at how many people "run my own mailserver" yet have no idea how mail is supposed to work.

Sheesh. yourselves (1, Flamebait)

bstadil (7110) | more than 10 years ago | (#9577009)

Let me see. You are travelling and want to send email from a mailserver while logged in via Wifi.

Now does the mailserver "Provided by your ISP work? No, they block any IP not their own. Now if port 25 wasn't blocked you could use your own and avoid having to change the Client setup.

I have exactly this problem and have to pay $10 / year to have access to a smtp server that will allow me to log-in from any IP.

Re:Sheesh. yourselves (1)

cheekyboy (598084) | more than 10 years ago | (#9577096)

if you are travelling, just use a webbased email client via your personal server, use squiralmail, jeeeez, sure its different, but its the best remote way and its not like ur some exec ceo that does 7 trips a month.

Re:Sheesh. yourselves (2, Informative)

mi (197448) | more than 10 years ago | (#9577112)

By letting you download an SSL certificate, your (or any) ISP can allow you (and any of their customers) to relay mail through their servers.

Sendmail supports client-side SSL certificates, as does Mozilla. KDE does not :-( But outlook, probably, does, and that's all that matters.

That your e-mail is protected from sniffing over the WiFi, while you send it, is just gravy.

Re:Sheesh. yourselves (1)

Karrots (14012) | more than 10 years ago | (#9577180)

Both Comcast and my dial up ISP let me relay email if I first login with SMTP-AUTH. Now my university doesn't but thats just because the network admin insists on having the CISCO PIX smtp-fixup turned on which doesn't allow ESMTP to communicate.

Re:flipside (3, Insightful)

jfengel (409917) | more than 10 years ago | (#9577025)

Many ISP mail servers refuse to relay mail. If neither the FROM nor the TO addresses belong to that server, they'll reject your message. That means you end up receiving mail on the ISP's mail server, and that completely obliterates the point of running your own mail server.

The reason for that is obvious: it prevents the mail server from being used to relay spam. But it's also very frustrating if you want more flexbility and you're not a spammer. I don't know comcast's policy; perhaps they'll accept relaying from inside their network.

Re:flipside (2, Informative)

e9th (652576) | more than 10 years ago | (#9577033)

Read the previous article in yro. If you let your ISP forward your mail, he can read it (at least in the First District) with impunity.

Re:flipside (1)

Mudcathi (584851) | more than 10 years ago | (#9577060)

Don't talk directly to their mail servers.. talk to the outgoing mailserver provided to you by your ISP. Sheesh.

"Sheesh!" is what I said when I tried what you recommended, and over half my emails got bounced against everyone's "no relay" policies.

Re:flipside (1)

cheekyboy (598084) | more than 10 years ago | (#9577115)

set it in your email CLIENT, as outgoing server = your ISPs mail server. not your sendmails outgoing relay.

Re:flipside (3, Informative)

batkiwi (137781) | more than 10 years ago | (#9576971)

Look into "smarthost." Every MTA I know of supports it, and it's the proper way to do it.

Re:flipside (2, Informative)

Anonymous Coward | more than 10 years ago | (#9577006)

Thank the spammers [linxnet.com] . Seriously, a very good read, if ever in doubt who deserves your anger.

Re:flipside (1)

phallstrom (69697) | more than 10 years ago | (#9577015)

can't you configure your outbound mail server to just relay the mail to your provider's mail server?

Re:flipside (1)

FattMattP (86246) | more than 10 years ago | (#9577105)

Then configure your MTA to use your ISPs SMTP server as a smarthost. All your outgoing mail will be routed through your ISPs mail server and won't be rejected by AOL and others.

Lost Port 25 traffic (3, Funny)

Anonymous Coward | more than 10 years ago | (#9576887)

It's a small price to pay for a wick3d screensaver.

Now can we get un-blackholed? (2, Interesting)

tjgrant (108530) | more than 10 years ago | (#9576923)

I have a little mail-server on the end of my cable line for my domain which has three mail accounts on it. I always find it immensely frustrating that my mail server is on MAPS DUL list and people who subscribe to MAPS block my mail.

It's not been a big enough issue that I've installed SASL for my postfix server, but it would be nice to get off the list.

Re:Now can we get un-blackholed? (3, Informative)

paitre (32242) | more than 10 years ago | (#9577079)

Very, _VERY_ unlikely.

One of the tactics that pretty much -all- DNSBLs (and even some ISPs wholesale - like Comcast, incidentally) is to simply not receive email from dial-up type networks. Comcast's consumer-level cable modem service really is no better than dial-up service from a certain point of view (ie. every j6p is able to use it - and they aren't exactly concerned about security).

The odds of a cable modem network getting out of MAPS is as likely as my winning a million bucks tomorrow - nil.

Re:Now can we get un-blackholed? (0)

Anonymous Coward | more than 10 years ago | (#9577168)

You of course realize that running your mail server is against Comcast's terms of service.

AT&T - Comcast (5, Informative)

murderlegendre (776042) | more than 10 years ago | (#9576935)

Spam coming from Comcast subscribers who were formerly on AT&T networks also seems to have decreased.

Seems as as we are *still on* an ATTBI network. I was originally an ATTBI subscriber, and the Comcast transition occured many months ago. Interestingly enough, my rDNS still resolves to:

[ip].[state].client2.attbi.com

Seems awfully odd that this remais.. one would think, at least for the sake of the brandname, that this would be reporting comcast.net

Re:AT&T - Comcast (0)

Anonymous Coward | more than 10 years ago | (#9577072)

You're not the only one! Mine resolves to ne1.client2.attbi.com too. I've been a subscriber long before Comcast took over. When I roam on neighbor's wireless networks (naughty I know, but they're all wide open!) most of them show Comcast, so I think it's customer specific and not area specific.

"Paying off" ?!? (0)

Anonymous Coward | more than 10 years ago | (#9576977)

The other way of looking at this is that despite the draconian measure of blocking port 25, 65% of spam is still getting through.

C minus. Must try harder

Less Spam (3, Funny)

radiumhahn (631215) | more than 10 years ago | (#9576996)

... To make up for the difference spammers are making their emails more offensive.

Why just the port? (4, Insightful)

jarich (733129) | more than 10 years ago | (#9577013)

I understand that these machines have been hijacked and the owners aren't at fault (unless you count negligence)... but all that being said...

1) Contact them and tell them what you've learned. Give them 30 days to get the machines patched or cleaned.

2) Terminate their service OR allow their service to continue but charge them an extra amount of $$ per month to cover the "blocking service".

Don't just block the port and let the owners continue in ignorance. You've identified them. Now do something with that information that effects long term change!

Re:Why just the port? (4, Insightful)

cdavies (769941) | more than 10 years ago | (#9577102)

The problem is, none of that is in the best commerical interests of comcast, so they won't do it.

Actually contacting people costs money because a human has to pick up the phone. Terminating their service costs money for obvious reasons, and charging them for a dubious "service" is likely to get your customer angry at you and waste time and money in calls to your help line.

In the short term, automated blocking and letting the user ride along is blissful ignorance is the only viable strategy. Isn't capitalism great?

Re:Why just the port? (2, Funny)

StuWho (748218) | more than 10 years ago | (#9577106)

I believe a home visit by a cattle-prod wielding Company Representative would also do the trick, and I'm sure myself and other recipients of offers such as "Increase Your Penis Size While Improving Your Search Engine Placings On Google" would willingly fund this if neccessary.

Agreed (2, Interesting)

TubeSteak (669689) | more than 10 years ago | (#9577123)

It'd make much more sense to notify them or do a page redirect than to charge extra or shut 'em down. The odds are, if they're acting as a spam relay, their machines aren't patched, running a virus scan, a firewall, etc. So at the minimum, redirect them to a page with a comcast hosted online virus scanner & windows update. I know I'd suggest Ad-Aware & Spybot & a firewall, but if comcast tells you to use anything... they're stuck having to provide tech support when it screws up.

Comcast blocking me.... (1)

whoever57 (658626) | more than 10 years ago | (#9577043)

Oh wait, no! It's just that my Comcast-owned cable modem won't talk to my computer for the n'th time today.

Really! It looks like the equipment they provide now is pure junk. Before it was rock solid, now it goes down many times per day and the only solution is to pull the power connector.

But seriously, why has the spam from Comcast not fallen further? Is Comcast only running a trial on part of its network?

I'm still seeing lots of Comcast IP addresses blocked by using the XBL.spamhaus.net RBL -- how is it that Spamhaus is better at detecting these machines than Comcast?

Re:Comcast blocking me.... (0)

Anonymous Coward | more than 10 years ago | (#9577138)

Maybe you should trash the modem they gave you and go get a good one! I've got an older Toshiba cable modem (a PCX1100, Pricegrabber [pricegrabber.com] lists it for $64 right now) and it is absolutely rock solid. Never unplugged the thing in 3 years, except to get the speed doubling they promoted a little while back!

I might as well sign up with AOL... (4, Interesting)

xiang shui (762964) | more than 10 years ago | (#9577075)

I take offense to this kind of thing. I live in northern Alberta, and my ISP, Telus, recently began blocking a wide range of ports, most of which I had previously noticed heavy worm activity on. So I must presume that is their rationale behind filtering these ports. But this worm activity didn't bother me, since I have my machine properly secured. It's none of my concern if some people don't. Now I feel as if I don't have a REAL TCP/IP connection to the internet. I have 65355 ports on my TCP/IP stack that I should be able to use, as I please. But I no longer can, because of this. I run an HTTP server as a testing ground for some of my web projects, and an FTP server so my friends can transfer files to and from my machine. And I'd like other people on the internet to be able to access these ports, since that's what the internet DOES. That's what it's for. If I wanted a private company to dictate how I could use my computer and my internet connection, I would be a regular Microsoft customer. Admittedly, this situation is a little different than the one in the article - since comcast only blocked port 25 of computers known to be transmitting spam. But the situation with Telus is a blanket filtering of these ports for all DSL users, which I completely disagree with, and it actually angers me. Now I have to find a new service provider, and believe me, this isn't easy in the small community where I live.

Blocking connects from broadband subscribers (5, Interesting)

perp (114928) | more than 10 years ago | (#9577076)

After I first read about this Comcast thing, I looked into how to block connections directly from spambots on home machines to the corporate mail server I admin (~500 users). I set Postfix up to check_client_restrictions and look up the connecting machine's name in a file that lists all the broadband domain names I could find. The results were so good that I have now added every little ISP whose machines send me spam and started using regexes to catch the ones where if I blocked the domain I'd also block their mail server.

The results are truly staggering. I have cut the incomimg spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages ... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client _restrictions is turned off for the abuse account.

I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.

Re:Blocking connects from broadband subscribers (1)

TubeSteak (669689) | more than 10 years ago | (#9577141)

Not to jinx it, but what if some jerk starts spamming your abuse account?

IPs or users? (1)

PrvtBurrito (557287) | more than 10 years ago | (#9577092)

those IP addresses I hope they are blocking users and not IPs, because a lot of the offenders are probably on dynamic IPs....

If anything I'm seeing more spam (3, Insightful)

csk_1975 (721546) | more than 10 years ago | (#9577100)

I'll check my logs when I get into the office, but if Comcast has reduced the flood of spam from their netblocks then someone else has more than taken up the slack.

Normally I get between 2,000-2,500 spam a week in a mailbox I use as a spamtrap. In the past month this has ramped up and last week there was over 4,500 and since monday there are 2,485, um 6, um 7, spams in this particular mailbox. So in 4 days I've seen as much as I normally see in a week - and its not even the weekend yet when the real flood of spam kicks in.

No blockage? (1, Redundant)

Fenis-Wolf (239374) | more than 10 years ago | (#9577130)

I'm on Comcasts network, and I haven't had any problems sending email, and I'm not using their email servers. This seems to be an isolated policy perhaps?

Comcast isn't the world (0)

Chatmag (646500) | more than 10 years ago | (#9577207)

Just in the last few minutes, and checking headers, the spam I recieved came from Sweden, Korea, and one from...drum roll...Comcast. But seriously, most of the spam is coming from not just the USA.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?