Spam Blacklist Targets Hijacked Telewest Customers 337

davidmcg writes "BBC.co.uk reports that UK cable firm Telewest has had almost one million email addresses blacklisted by an anti-spam firm. The Spam Prevention Early Warning System blacklisted the email addresses because a large number of the machines using them have been hijacked by spammers. Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Tuesday May 10, 2005 @02:49AM (#12485836)
    "Telewest blamed recent virus outbreaks for the sudden rise in the number of hijacked home PCs. "We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task," it said."

    I sympathise with them, I've tried banging my head against the wall before and it's not fun!

    • by anagama ( 611277 ) <obamaisaneocon@nothingchanged.org> on Tuesday May 10, 2005 @04:08AM (#12486137) Homepage
      Well, if banging your head against a wall doesn't work, how about shutting down internet access for affected machines? The machine owners would get the hint rather quickly. Secondly, make a liquidated damages clause in the user agreement. Something like, "if your machine is hijacked and you are found to have sent in excess of 25,000 email messages, you owe us $250 -- oh and BTW, here are some tools to use to prevent becoming infected."
      • A clause like that would probably be a "penalty" and therefore unenforceable under English law. In English law you can only recover for your actual loss; a pre-agreed amount is only enforceable if it represents a genuine pre-estimate of the loss. I suspect it would be very difficult, as a legal matter, to show a significant loss.

        There may also be a problem with enforceability to the extent you are penalising someone for the actions of a third party; okay the user would have been okay had they kept all thei
        • It is reasonable to expect them to read the TOS for a service they pay for. And 250$ isn't that much in admin time.
        • is it reasonable to expect the average user to know this?

          Yes. Just because the users ARE stupid, doesn't mean they should be allowed to BE stupid.

          Try walking around town with a ghetto blaster playing some obscene music and see how quickly the police/someone from the public try to shut you up.
        • In English law you can only recover for your actual loss; a pre-agreed amount is only enforceable if it represents a genuine pre-estimate of the loss. I suspect it would be very difficult, as a legal matter, to show a significant loss.

          I don't know about difficulty of showing a loss - Lost customers, admin and helpdesk time due to spam listings adds up in a hurry. That SPEWS listing probably won't go away soon - the amount of time to get delisted tends to reflect the severity of the problem, and if they

        • If the average user wants to connect his computer to the Internet where he can affect other people then yes, I think it IS reasonable to expect them to know that they need to keep their software up-to-date and to take other reasonable steps to protect their systems. I don't foresee any issues enforcing clauses in the contract that state that the user is responsible for the security of his system. Who else is going to be?
      • Why don't they just block outgoing port 25 and have a web-interface that users can use to re-enable it if they have the need? Or they could re-route all their outgoing port 25s through an ISP mailserver that could look for spammers and automatically throttle outgoing 25 from certain IPs if they are used excessively.

        Just have something where the user would have to enter their username/psw, and type-in some sort of obfuscated verification code from the website to re-enable their ports.

        If the user re-enable
        • The newer spam-bots send their mail through the ISP's regular mail server, just as if the user was sending it. The days of connecting to an open relay are gone.

          Your suggestion for monitoring and throttling traffic if it's excessive might work. Few non-business users send more than 50 emails a day. Or the ISP could run a spam filter on outgoing traffic, looking for links to commonly spammed sites and common terms like V*agra.
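
The per-customer throttling idea from the two comments above, as an added example (not code from any poster or from Telewest). It counts accepted messages per client IP on the ISP's own mail server over a sliding 24-hour window; the Postfix-style log lines, host names and addresses are constructed, and the limit of 50 per day is taken from the comment as an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Postfix smtpd "client=" lines, one per accepted message:
#   May 10 00:25:00 smarthost postfix/smtpd[2211]: 0000000032: client=unknown[192.0.2.77]
CLIENT_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"[0-9A-F]+:\sclient=\S*\[([\d.]+)\]"
)


def parse_line(line, year=2005):
    """Return (timestamp, client_ip), or None for lines that are not
    message-acceptance records. Syslog timestamps carry no year, so one
    is assumed."""
    m = CLIENT_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)


def find_throttle_candidates(lines, limit=50, window=timedelta(hours=24)):
    """Return {client_ip: time the limit was first exceeded}.

    Keeps a per-IP queue of message times and drops entries older than
    the window, so a customer is judged on recent volume only.
    """
    recent = defaultdict(deque)
    first_exceeded = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # connect/disconnect noise, other daemons, etc.
        ts, ip = parsed
        queue = recent[ip]
        queue.append(ts)
        while queue and ts - queue[0] >= window:
            queue.popleft()
        if len(queue) > limit and ip not in first_exceeded:
            first_exceeded[ip] = ts
    return first_exceeded


def build_sample_log():
    """Constructed sample: 192.0.2.10 sends three messages in a day,
    192.0.2.77 sends one every 30 seconds for an hour."""
    start = datetime(2005, 5, 10, 0, 0, 0)
    events = [(start + timedelta(hours=h), "192.0.2.10") for h in (8, 13, 21)]
    events += [(start + timedelta(seconds=30 * i), "192.0.2.77")
               for i in range(120)]
    events.sort()
    lines = [
        f"{ts:%b %d %H:%M:%S} smarthost postfix/smtpd[2211]: "
        f"{n:010X}: client=unknown[{ip}]"
        for n, (ts, ip) in enumerate(events)
    ]
    # A line that must be ignored by the parser.
    lines.append("May 10 00:00:05 smarthost postfix/smtpd[2211]: "
                 "disconnect from unknown[192.0.2.77]")
    return lines


if __name__ == "__main__":
    for ip, when in find_throttle_candidates(build_sample_log()).items():
        print(f"{ip} exceeded 50 messages/24h at {when}")
```

Because the count is taken at the ISP's mail server, it also covers bots that relay through that server instead of connecting to port 25 elsewhere.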

      • I've been wishing that they would cut people off for months. Ever since the Blaster worm (I think it was that) Telewest have done feck all about it.

        When I first got Telewest the activity light on the front of the modem only lit up when I was accessing the net. These days the light never goes out as there are constant pings against my firewall all from the Telewest IP range.

        Oh and don't bother sending abuse any info about possible IP machines that have been infected as they do nothing with them. A number o
        • by tomhudson ( 43916 ) <barbara.hudson@b ... m ['son' in gap]> on Tuesday May 10, 2005 @09:12AM (#12487516) Journal
          So why the fuck don't they just give everyone a fixed IP? They CAN do this, on both cable and adsl networks (we've been offered a fixed IP for on adsl free at the office, years after they said it wasn't possible "for technical reasons").

          The real reason - they're just as lazy fucks/ignorant n00bs as their customers.

          They keep singing the same old song, but it's their customers that are causing the problem. Police them. Fixed IP. You're a zombie - you're gone. Let them sing "The Monster Mash" for all I care.

          And the politicians/dickheads won't do anything because they are allowed to spam you (nice going guys - pass laws against spam, but include an exemption for yourself). Make politicians have a fixed IP (dr00l).

          The best part about fixed IPs - if we bookmark them instead of doing a dns lookup, we wouldn't have to worry about dns outages. Or stupid domain name wars. We do it with 10-digit phone numbers and 4-digit extensions - wtf can't we do it with an 8-to-12 digit number on the net? Because the average user is STOOPID!

          SPEWS did the right thing. Telewest fucked up.

          Now if SPEWS would BLACKHOLE AOL, I'd notice a lot fewer probes. And while they're at it, maybe, as a public service, blackhole any site containing crapfloods from Maureen O'Gara.

    • Should point out.... (Score:5, Informative)

      by Tehrasha ( 624164 ) on Tuesday May 10, 2005 @04:44AM (#12486242) Homepage
      ..that no email addresses have been blacklisted.

      Telewest has had almost one million email addresses blacklisted by an anti-spam firm.

      SPEWS does not block email addresses, it lists IP addresses. It's up to admins who use SPEWS to decide whether or not to use the listing to block email coming from those IPs.

      If the users in those affected IPs use a legitimate email server, they can still send email to their heart's content. Only people running their own mail servers and direct-to-mx traffic would be affected.
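
What that IP-based check looks like from the receiving mail server's side, as an added example (not SPEWS's code or the poster's). The zone name `dnsbl.example`, the listed netblock and all addresses are constructed, and the resolver is an in-memory stand-in for a DNS lookup so the block runs offline.

```python
import ipaddress

# Constructed data: a listed customer address pool and a DNSBL zone name.
LISTED_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
ZONE = "dnsbl.example"


def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNS name a mail server looks up for a connecting IPv4
    address: octets reversed, then the list's zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def fake_resolver(qname):
    """Stand-in for an A-record lookup against the list. Returns
    '127.0.0.2' (the conventional 'listed' answer) or None for NXDOMAIN."""
    labels = qname[: -len(ZONE) - 1].split(".")
    ip = ipaddress.IPv4Address(".".join(reversed(labels)))
    return "127.0.0.2" if any(ip in block for block in LISTED_BLOCKS) else None


def receiving_server_decision(connecting_ip, policy="reject",
                              resolver=fake_resolver):
    """Decide what to do with an incoming SMTP connection.

    Only the connecting IP is consulted; the sender's email address never
    enters into it. The list only answers 'listed or not'; what happens
    next is the receiving admin's policy.
    """
    answer = resolver(dnsbl_query_name(connecting_ip))
    if answer is None:
        return "accept"
    return {"reject": "reject",
            "tag": "accept-and-tag",
            "ignore": "accept"}[policy]


if __name__ == "__main__":
    customer_ip = "198.51.100.23"   # constructed: home machine in listed pool
    isp_mail_ip = "203.0.113.5"     # constructed: ISP's own mail server

    # Same customer, same email address, two delivery paths.
    print("direct-to-MX:", receiving_server_decision(customer_ip))
    print("via ISP mail server:", receiving_server_decision(isp_mail_ip))
    print("direct-to-MX, admin only tags:",
          receiving_server_decision(customer_ip, policy="tag"))
```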

  • SPEWS (Score:5, Insightful)

    by trelanexiph ( 605826 ) on Tuesday May 10, 2005 @02:49AM (#12485839) Homepage
    Odd that the ISP never made an issue of their "Efforts" to clean up their customerbase before ending up in SPEWS. Some people say wholesale blacklisting is ineffective, some whine about false positives, I bet these guys really want to get out of the spotlight so they stop looking incompetent. Well done spews, whoever you are. By the way this article makes a serious mistake:
    SPEWS does not exist (TINS (there is no SPEWS)). SPEWS therefore cannot make announcements of any sort whatsoever, though they do have the Lumber Cartel (TINLC) to speak for them.
  • by xiando ( 770382 ) on Tuesday May 10, 2005 @02:50AM (#12485843) Homepage Journal
    Spam is a huge problem and any ISP may obviously be subject to blacklisting due to infected machines, Telewest is probably no worse than any other. What I find interesting, though, is that the article states they think 16,000 machines are infected. And the slashdot article claims "have been working with customers to regain control of their machines.". Good luck, I am glad it's not me whose job it is to call all those 16.000 users... (my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe, but .. I'm not important)
    • by trelanexiph ( 605826 ) on Tuesday May 10, 2005 @02:57AM (#12485876) Homepage
      Telewest is probably no worse than any other.
      for a medium size ISP 16,000 machines spewing crap is a huge issue.
      my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe
      I run the AHBL [ahbl.org] and I am a firm believer in this. You are responsible for your car on the highway, you are responsible for the actions of your children if you have them, and you should be responsible for the damage your computer does to the public network. Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago.
      • by sumdumass ( 711423 ) on Tuesday May 10, 2005 @03:36AM (#12486033) Journal
        It wouldn't be all that hard to clean this network up. Just block port 25 and allow specific requests thru. Notify email providers/server operators about the decision a few days in advance so they can get placed on the list and then put it to work. It would definitely be cheaper than someone calling 1600 people or having to verify they meet with your requirements. Just shoot them an email and say their service will be disconnected if the problem isn't fixed or justified. Those that are infected will be stopped while those that are affected would have an out. If someone requesting an exception is actually sending spam, it shouldn't be that hard to determine after that and remove them from service completely. After the situation calms down, open the ports back up.

        In fact, I think it is sort of careless for ISPs to not at least monitor their common ports for malicious activity. The added traffic from infections could be increasing bandwidth requirements as well as costing the ISPs more money in added equipment. It just seems logical to try and keep costs down. What's the chance that 1600 existing users are going to set up a mail server in about a month from each other and then flood the network with traffic that would appear to be coming from thousands of users? This should be spotted easily without some third party needing to get involved. My networks scan email and attachments coming and going at the server level and all it took was a couple of extra seconds to set up. Also snort lets me know of any weird traffic pattern changes and I can check the difference in logs from several months ago if necessary. It only takes a couple of minutes a day. For this effort you get less people calling and complaining too.
      • Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago.

        Are you saying that there are 1.3 million positive hosts in the AHBL right now, or that over the past two years, you've had a combined total of 1.3 million hosts? There is a world of difference between these two situations, but

    • No need to call the 16,000.

      I expect the vast majority of Telewest's customers are set up as per Telewest's instructions as far as email goes i.e. they use Telewest's smtp servers. If that is the case, their email is not blocked. It is only those who run an email server that will have a problem.

      Not really a problem either, just make postfix (or whatever mta you're using) send mail via telewest's smtp server itself (relayhost directive). Those who run an email server will notice soon enough and take appropr
    • and any ISP may obviously be subject to blacklisting due to infected machines, Telewest is probably no worse than any other.

      Yes, if that is what it takes to get their attention. Many ISPs adopt an "it's not my fault" approach to users abusing their networks, and anybody who runs any kind of mail server without taking steps to secure it is guilty of abuse.

      Similarly, in this day and age, there is no excuse for users not to know that their machines have been zombied. The simple fact is that unless they are ru

    • by D4C5CE ( 578304 ) on Tuesday May 10, 2005 @04:38AM (#12486225)
      "have been working with customers to regain control of their machines."
      Not knowing the particular details of what went on at that provider, but hardly anyone can claim to "have been working with customers" without even (probing and) shutting down their Internet connections in the first place as soon as they knew that
      • these customers' PCs were infected
      • they were (at least about to be) hijacked
      • the users were unaware or incapable of fixing the problem, i.e. it was demonstrably out of control for the systems' owners.
      With 3+ GHz CPUs, 512-1024 MB RAM, 300+ gigs of HDD and on a 3+ Mbit/s broadband connection, every ISP knows that off-the-shelf PCs can still appear to work under an amazing (crap)load today, and they have more potential to wreak havoc than entire major companies or universities a decade ago ... I have seen (completely unsuspecting) home users' machines infected with no less than 200 different (!) "manifestations" of malware on them at once, several times this year already - from the kind of guys who don't even grasp the concept of a rescue disk, to whom a computer can only be "broken", and who just go and buy a new machine, every year or so, when their previous one comes down to a crawl. Even worse, the "old" machine (full wormload included) is usually passed on (and networked again) to primary-school kids or elderly relatives who are even more clueless.

      None of them had ever received that call from their providers (which could even be automated to some extent):

      "This is Incredible Internet Services Inc. - We regret to notify you that your Internet connection had to be temporarily shut down for violation of our Acceptable Use Policy: (specified ...) You may have overlooked an infection of your PC or an access to your home network accidentally left open. To get you back online as soon as possible, a complimentary 30-day trial copy of Soandso Security Software is already in the mail to you. Once you have finished disinfecting and securing your systems, or if you need any additional help, please call customer support at ..."
      • I have seen (completely unsuspecting) home users' machines infected with no less than 200 different (!) "manifestations" of malware on them at once, several times this year already

        200 is not unusual, in some cases you can multiply it by 10.
      • by Jarnis ( 266190 ) on Tuesday May 10, 2005 @05:11AM (#12486339)
        No can do. High percentage of hijacked machines are in a state that no security software can rescue them from.

        Reinstalling Windows is the only thing that helps. After that the security software is a good thing.
        However, having seen dozens and dozens of computers where the user was clueful enough to buy a security software, only to find out the system was already in a state where no security software will even install, I'm quite confident that most of these 0wned setups are already way beyond what F-Secure, Norton or the likes can do while installing.

        And sadly reinstalling Windows can usually just get them owned again (recovery disks having no service packs, so the thing will get first Sasser-derivate into the system 30 seconds after the recovery install is done)

        What computer manufacturers would really need to do is to ship everyone a free replacement recovery disc to get the system up with all patches. Funded by MS because it's their holey software. However, this would actually cost money, so instead people are left on their own.
      • by dlZ ( 798734 ) on Tuesday May 10, 2005 @08:22AM (#12487154) Journal
        I get quite a few machines from Road Runner customers that have received a notice and had their service turned off until the machine was fixed. One customer told them she fixed it (she didn't, was using all Macs) and had her service turned back on, just to be almost immediately turned off until she had proof from some sort of tech support it was fixed (it wasn't her machines... It was her open wireless router and her clueless neighbor who just connected to whatever popped up first.) I had to fax over a letter on my company's letterhead to have her service turned back on once her router was configured properly.

        Have never seen one from a Verizon customer locally, though (RR and Verizon are pretty much the only two providers you see used around here.)
    • One simple fix- block outgoing 25 to all but the ISP's mail servers and see who, if any, complains.

      These are home accounts, they shouldn't need external mail servers for *sending* mail. Yes, someone will probably complain and say they have a server at home which sends their email, thankyouverymuch, but I think a few people running servers on their home internet accounts is a good sacrifice for cutting spam..
  • Not the address I use here on slashdot but my regular email addy (which has been active for about 4 years) is virtually spam-free.. at least I don't see much of it. My domain is registered through EasyDNS [easydns.ca], with the "plus" package you can set up email aliases for your domain.. everything is filtered through their spamhaus/sbl/dsbl/etc blacklists.. then I use thunderbird with junk mail filtering.

    On average I see one spam make it through my junk mail filter in thunderbird. I've set it up for my mom/dad/b
  • by Tezkah ( 771144 ) on Tuesday May 10, 2005 @02:53AM (#12485856)
    BBC.co.uk reports that UK cable firm Telewest has had almost one million email addresses blacklisted by an anti-spam firm.

    So... ISP allows spam zombies to run free on its network, anti-spam firm overreacts by putting entire network on blacklist.

    Is this really out of the ordinary? Weren't they doing this to US ISPs like Comcast until they started disconnecting zombie PCs?

    Is there anything really out of the ordinary here?
    • Weren't they doing this to US ISPs like Comcast until they started disconnecting zombie PCs?

      If I recall correctly, Comcast's primary method of blacklist prevention is that they don't allow outbound port 25 access from end-user machines, everyone has to go through their SMTP server; Comcast doesn't get blacklisted because machines on their network can't spam. It's a very effective method to prevent traditional spam, one Telewest may want to adopt. As for disconnecting zombie PC's, Comcast does this very r

      • by Tsu Dho Nimh ( 663417 ) <abacaxi.hotmail@com> on Tuesday May 10, 2005 @09:08AM (#12487477)
        "they don't allow outbound port 25 access from end-user machines, everyone has to go through their SMTP server; Comcast doesn't get blacklisted because machines on their network can't spam. "

        The current way of spamming is not to use Port 25 ... the spam-bots run the spam out through the ISP's mail server, JUST LIKE THE CUSTOMERS! A spam-bot sending 100-500 emails an hour, 24x7, doesn't sound like much until you figure out how many spam-bots Comcast has. I get spam from comcast ... enough spam that I whitelisted a couple of people and /dev/null the rest.

  • Hmph (Score:5, Insightful)

    by oPless ( 63249 ) on Tuesday May 10, 2005 @02:53AM (#12485858) Journal
    They're just listing IP ranges. A complete non-newsworthy item. Consumer machines on broadband/dialup should be going through their ISP's smarthosts anyway ... which seems to be standard practice these days, to the point many ISPs block smtp or redirect port 25 to their own smarthosts.

    Nothing to see here, move along.
    • Re:Hmph (Score:5, Informative)

      by aug24 ( 38229 ) on Tuesday May 10, 2005 @04:16AM (#12486163) Homepage
      many ISPs block smtp or redirect port 25 to their own smarthosts

      This is true... my UK ISP, Nildram, simply blocks port 25 outbound for all machines unless certain conditions are met. Very few home users will have any need for this as they will use Nildram's mail server outbound, so only compromised machines which already run smtp services (and have previously passed the open proxy test) can become an issue - a tiny proportion.

      With simple solutions like these, this should be a non-newsworthy item. However, with useless bastards like TeleWest not bothering to do this and permitting unfettered port 25 outbound, it is newsworthy, if only for name-and-shame reasons. Assuming you live in the UK and give a shit, of course ;-)

      J.

  • Responsibility (Score:3, Interesting)

    by NoGuffCheck ( 746638 ) on Tuesday May 10, 2005 @02:54AM (#12485861)
    Seems Telewest are actually attempting to rectify this situation, although you have to wonder how it is their responsibility.

    FTFA: One hijacked PC on the Telewest network was sending out more than 100,000 e-mail messages per day, he said.

    In cases like these if the offending computer is cleaned with (insert time frame here) then perhaps some negative reinforcement should be considered. fines etc???
  • by jim_v2000 ( 818799 ) on Tuesday May 10, 2005 @02:54AM (#12485862)
    "Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines."

    Somehow I have a bit of trouble believing this. How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it? Or an email with such software in it? Or even call users and tell them they have an issue?

    I don't think they've done jack crap myself. And anything they have done is some token gesture to salvage their image.
    • Somehow I have a bit of trouble believing this. How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it? Or an email with such software in it? Or even call users and tell them they have an issue?

      Your first two suggestions would likely expose Telewest to possible litigation. I can imagine users blaming Telewest if the software they were sent managed to screw up their computer in a way that resulted in data lost.
      Your third suggesti
      • Nahh, they just need a big disclaimer stating that they're not responsible and you should either purchase something or use one of their freebies they offer. AOL and time warner have been offering free antivirus and in some cases spyware monitoring applications for quite a while now doing this exact same thing.

        I think the protecting factor here is that they tell you to buy from someone else or use what they packaged for you. If it was a requirement to use their stuff then I could see the litigation. If it is j
    • Somehow I have a bit of trouble believing this. How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it?

      Erm... Not as easy as you would have us believe. Firstly, the software has to be sourced, secondly, the licences have to be checked (they could get into trouble, for example, if they gave a CD containing 'free for home use' software to a business), the CD has to be produced and then it has to be distributed to the customers. If the

      • this is business and all business cares about is the bottom line.

        Isn't that what Mr. Gotti and Mr. Capone thought too?

        So, Telewest shouldn't be held accountable for such a situation going completely haywire? If they just want to smoke their own servers that's fine with me, but when their users spew millions of messages per hour to the global mail infrastructure it's their damn responsibility to clean up their act.

        Assume a chemical plant, which is a security hazard, but which the owners won't clean up,

    • When I joined, Telewest sent me an e-mail with a link to Zone Alarm, AVG anti-virus and various anti-spyware utilities.
    • "How hard would it be for a large company like Telewest to send its subscribers a CD with anti-virus/adware removal tools on it?"

      Telewest (AKA Blueyonder) sent one out to all subscribers about a year ago... it was a little tin box with a first aid symbol on the top with a CDROM inside... absolutely useless and unnecessary to me as I run Linux ;)

      I suppose I could open it up tonight and report back with what's actually on the disk... unless any other Telewest (AKA Blueyonder) user is able to check during

  • by timmarhy ( 659436 ) on Tuesday May 10, 2005 @02:55AM (#12485867)
    ISPs - block port 25 by default, and in account management allow users to unblock it. 99% of people will never use it, and those that do will account for such a small number you won't get many support calls for it. shit loads less work than fixing 16000 machines.
    • And what about trojans that grab the smtp server settings from OE? And username/password for that matter. Granted it makes it somewhat easier to identify (and slow down the spread of spam) but if it does that you still have to track down the customer and fix them. This would be a band-aid solution to the problem, spam would die for a bit then rocket back up. Not to mention that - although a small problem - you still run into the occasional "network admin" that runs an open relay or has a rooted windows/*ni
  • by birge ( 866103 ) on Tuesday May 10, 2005 @02:57AM (#12485875) Homepage
    I think this is a good example of how the democratization of the net has really screwed things up in some ways. The net was never intended to be so centralized (undecentralized?), with huge ISPs serving millions of customers. Of course there's going to be zombie networks. The net wasn't designed to have millions of individual users directly connected from essentially unsupervised subnetworks. Notice that you never hear about a company or university having a significant percentage of their machines taken over, especially not for a long time. Originally, the network was just large organizations connecting their managed networks to the backbones, usually from behind firewalls. But an ISP doesn't watch its clients' computers the way a sysadmin would (nor should they) and thus we have the present, sorry, situation of millions of Microsoft moms unwittingly playing host to a global crime wave.

    It's a good thing we have such secure consumer operating systems, or this could turn into a real problem!
  • by throwaway18 ( 521472 ) on Tuesday May 10, 2005 @03:05AM (#12485920) Journal
    About three years ago a usenet death penalty was issued against Telewest. Before it came into force they stopped all messages spreading out from their main newsserver and began scanning their customers for open newsservers and open proxies.
  • Self help solution (Score:4, Interesting)

    by wallior ( 617195 ) on Tuesday May 10, 2005 @03:19AM (#12485974) Homepage
    When my cable company had any issues with spam from any of their customers, they simply cut off their internet until the customer had their computer fixed. Seems easier than what this cable company is going through. User can either pay to have their computer cleaned and secured, or do it themselves. They then advise the Cable company to put them back on. Lot better for every other customer who is responsible enough to maintain their PCs.
  • SPEWS isn't a firm (Score:5, Insightful)

    by kaarlov ( 259057 ) on Tuesday May 10, 2005 @03:28AM (#12486003)
    SPEWS is not an "anti-spam firm". Check their website at http://spews.org/ [spews.org] for more explanation. And anyone too concerned about false positives should do their due diligence when picking the DNSBLs they use and notice that SPEWS blocks fairly large netblocks. And there probably will be a lot of legitimate mail sent from bad neighborhoods. SPEWS is a very good tool for blocking spam and educating ignorant ISPs, but it's not suited for everyone.
  • Email Addresses? (Score:5, Informative)

    by Underholdning ( 758194 ) on Tuesday May 10, 2005 @03:29AM (#12486010) Homepage Journal
    Spews doesn't block email addresses. As a matter of fact, they don't block anything. Spews is a database of IP addresses.
    • As the headline said, it had blacklisted them, not blocked them. When you list entire networks of IPs, you effectively blacklist many addy's at many domains.

      So I think you've been a bit pedantic.

  • by tx_kanuck ( 667833 ) on Tuesday May 10, 2005 @04:19AM (#12486172)
    I only ask since I don't know. Isn't it possible to run an SMTP server on a different port than 25? It only has to send out from a zombie machine, not receive mail, so why not run it on say....port 2000? Or is it the fact that it has to send *to* port 25 that's getting blocked?
    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Tuesday May 10, 2005 @05:22AM (#12486370)
      Comment removed based on user account deletion
    • When you see people refer to 'outbound' port 25, they mean an attempt to connect to p25 on some other machine. In fact, these zombies are not smtp *servers*, they are smtp *clients*, acting similarly to Outlook Express or Thunderbird, but with the user bits automated. They are a program to 'type in' millions of spam emails and then send them direct to the target user's smtp server.

      In fact, as smtp works on a 'store-and-forward' principle, most real people send their emails to their ISP's smtp server (eg
    • There are several circumstances where the use of an alternate SMTP port is desirable, and RFC 2476 recommends port 587 as an alternate SMTP port. Unless you have prior arrangements with the recipient mail server to accept mail on an alternate port, it is extremely unlikely that they will receive your email using any port other than port 25. SMTP servers that use alternate ports are doing so for a reason, and they are very likely to use an authentication system.
  • I have found an interesting offer: pay 50 bucks and you are removed immediately from the spam list. Have a look here [uceprotect.net]

    Interesting: The company won't say who they are. [admins.ws] They say this was approved by local authorities, but this is bullshit. Local authorities cannot break federal law.
  • by Lurks ( 526137 ) on Tuesday May 10, 2005 @05:08AM (#12486332) Homepage
    I can't win. For ages I've run my own mail server for myself and two other flats in London that run off my 4MB Telewest cable modem. Unfortunately there's a number of these blacklist operators that have mapped out the IP space of the cable modems themselves and I find the odd email gets bounced.

    So awhile ago I switched to using their own mail servers and now I'm getting even more blocked. Argh!

    Broadband providers will actually have to start taking responsibility for this sort of thing and disconnect zombie infected clients. Not just for the good of the Internet as a whole but so their OWN customers don't jump ship to a small DSL provider to avoid this irritating blacklist nonsense.

    Interestingly a couple of years ago, or so, they cut me off because they erroneously claimed that my mail server was relaying. It wasn't, it never was. They refused to take my calls and sort it out and I had no option to cancel the service and write a letter of complaint to their management. I spent another six months on a DSL provider before running back, tail between legs. Maybe they've taken the view that enforcing these tests (which are necessary, I will admit, although they did seem inept at it) costs them customers like me - users of their highest and most expensive tier of service? But surely the biggest problem is zombies on family PCs via the basic service?

    Note: Other than that, Telewest/Blueyonder is by far and away the best broadband service I have used. Never any evidence of contention and it's many times more reliable than any DSL service (and I've tried six) with pretty much bugger all down time.

    • > Broadband providers will actually have to start taking responsibility for this sort of thing and disconnect zombie infected clients.

      Interestingly, blueyonder *do* have a suitable clause in their Ts&Cs, or at least did when I signed-up (~3.5yrs ago), that security was the user's problem and that they may well disconnect idiots. I really wish they'd acted on it more.

      > they erroneously claimed that my mail server was relaying. It wasn't, it never was.

      I blocked their scanner with an icmp-admin-pro
    • ... but so their OWN customers don't jump ship to a small DSL provider to avoid this irritating blacklist nonsense.

      That's possibly exactly what SPEWS want to happen.

      "Hey, our customers are leaving us."
      "Darn, we'll have to cut the zombies off."

      • ... That's possibly exactly what SPEWS want to happen.

        Undoubtedly but I contrasted that with the fact that their last effort on cracking down on this sort of thing (in the case of mail relay), they got wrong and it lost them a customer. So Telewest may be wary of pissing anyone off too.

    • Next time you want to jump ship, try Nildram if they're in your area. I've never had /any/ downtime on the service, and even their sales monkeys understand questions like 'Can you give me a static IP? Do you block port 25 by default?'. Compare with NTL's chaps who on being asked 'Do you hire cable modems' said 'yes, what channels do you want'...

      J.
      • Yes, I've tried Nildram too. Good stuff. The problem is they're DSL and basically it's just not as good as cable. Not as fast, not as low latency, not as reliable.

        After six different providers on both business and domestic tariffs, I don't make this statement lightly.

  • Telewest have been blocklisted by SPEWS for quite literally YEARS! I remember discussing this with their support team in 2002/3 and them merely saying that they wouldn't pay their "charity" fee because that amounts to blackmail. Quite reasonable, IMO. I imagine it's quite a moneyspinner, extracting cash from corps who technically could afford it.
    • SPEWS does not ask fees for delisting. The only thing they care about is that the spam stops.

      You (or Telewest) have them confused with some other DNSBL.
  • I've heard all kinds of confusing things when people try and explain an IP address to the general public, but that a slashdot subscriber confuses an IP address with an email address takes the cake.

    SPEWS blocks IP address ranges, i.e. netblocks, as the article very clearly states.
  • This article mischaracterizes how SPEWS works completely. SPEWS does not communicate actively. The only form of feedback one can gain is through their listings and from their website. Otherwise, SPEWS has said nothing since its inception, has been represented by no one (no one except the denizens of news.admin.net-abuse.email, and then only from a third-party viewpoint), and will probably continue to say nothing.

    What's really happened is that TeleWest, like many other cable and dsl providers, has had t
  • Telewest have stated that they knew about the problem and have been working with customers to regain control of their machines

    Start
    Shut-Down
    Restart in MS-DOS
    c:\format c:
  • So rather than ban 16000 individual IPs, they figured, "hey, a 60 to 1 false positive rate isn't so bad, let's just block a million IPs' worth of subnets."
