On Tue, Dec 2, 2008 at 9:41 AM, Bayard Coolidge <[EMAIL PROTECTED]> wrote:
> ... considered a spammer and/or that I had a security problem caused by
> a virus/bot.
> ... I'm wondering what their real agenda is...

Making money, of course. But they're trying to increase their money by blocking spam (thus saving both hardware resources, and resources on abuse complaints).

The vast majority of spam is sent out from compromised MS-Windows computers. Since non-server versions of MS-Windows don't include an SMTP service, any legit MS-Windows home user on a Comcast feed is going to be relaying through Comcast's SMTP servers. The percentage of their customers which fit this profile is so high it is effectively "all". So any Comcast customer sending SMTP traffic is -- by this definition -- a spam source.

Obviously, most of the people on this list don't fit the above customer profile. Again, the percentage of such is so small that, for Comcast's purposes, it's effectively zero. I'm not asking anyone to like it.

This is what modern malware is *really* about. It isn't just vandalism or hack value, like the malware of old. All these trojans, worms and the like are all about hijacking millions of luser computers for nefarious -- and *profitable* -- purposes. The most common use is to turn them into zombie spam cannons in a botnet.

I recently saw some claims that the time-to-widespread-exploit of new vulnerabilities has actually increased slightly. The speculated cause? Malware writers now put their exploits through more stringent QA processes. Better quality malware is more profitable.

> The recommended fix apparently is to move my outbound SMTP to Port 587, which
> I have now done.

To clarify, what they had you do was reconfigure your mail software to send all your outgoing mail through Comcast's mail servers, on TCP port 587?

If so, I'm guessing Comcast's goal is to get all of their customers using TCP/587 to submit to their outbound SMTP relay hosts. That means they can do either of:

A1: Blocking TCP/25 to their SMTP relay hosts. Reasons for doing this might include:

  A1R1: Eliminating load from random spam attempts. They probably get lots of spam attempts from customer systems. Lots of spam cannons fire blindly.

  A1R2: Reducing attack surface.

A2: Blocking TCP/25 throughout their residential-customer networks, rather than at the outbound edge. Reasons for doing A2 might include:

  A2R1: Saving significant bandwidth within their residential-customer networks.

  A2R2: Making it easier to identify compromised MS-Windows computers. (I doubt this is it, since it doesn't make Comcast any immediate profit.)

TCP/587 is the registered port for the MSA (Mail Submission Agent), which is kind of like "SMTP Lite". Of note, MSA cannot be used for mail exchange (relay/final delivery). MSA also almost always requires authentication in most real-world systems. It's thus not useful to spammers.

There's an obvious spammer response to A1R1: Hijack the luser mail client (or its configuration values) to discover the local MSA and credentials. However, that's much easier for an ISP to detect, throttle, and if needed, cut off on a per-user basis. I see that as a good thing; lusers will have to learn about responsible operating.

-- Ben
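
The per-user detect/throttle/cut-off idea from the message above, as an added example that is not part of the original post: it classifies customers from flow records, flagging TCP/25 sent anywhere other than the ISP relay and rate-limiting TCP/587 submissions. The relay address, thresholds, record layout and sample flows are all constructed assumptions.

```python
from collections import defaultdict

ISP_MSA = {"192.0.2.10"}     # assumed relay address (documentation range)
THROTTLE, CUTOFF = 100, 500  # assumed per-hour limits on submissions per customer

def peak_rate(timestamps, window=3600):
    """Largest number of events inside any sliding window of `window` seconds."""
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while t - ts[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(flows, msa=ISP_MSA):
    """flows: iterable of (unix_ts, customer_id, dst_ip, dst_port)."""
    direct25 = defaultdict(set)   # customer -> distinct non-relay TCP/25 destinations
    submits = defaultdict(list)   # customer -> times of TCP/587 connections to the MSA
    for ts, cust, dst, port in flows:
        if port == 25 and dst not in msa:
            direct25[cust].add(dst)
        elif port == 587 and dst in msa:
            submits[cust].append(ts)
    verdicts = {}
    for cust in sorted(set(direct25) | set(submits)):
        rate = peak_rate(submits[cust])
        if direct25[cust]:
            verdicts[cust] = "direct-smtp"  # bypassing the relay: block or investigate
        elif rate >= CUTOFF:
            verdicts[cust] = "cut-off"
        elif rate >= THROTTLE:
            verdicts[cust] = "throttle"
        else:
            verdicts[cust] = "ok"
    return verdicts

# Constructed sample flows, not real traffic.
SAMPLE = (
    [(t * 900, "cust-a", "192.0.2.10", 587) for t in range(3)]
    + [(i, "cust-b", f"198.51.100.{i}", 25) for i in range(1, 41)]
    + [(i * 20, "cust-c", "192.0.2.10", 587) for i in range(150)]
    + [(i, "cust-d", "192.0.2.10", 587) for i in range(600)]
)

if __name__ == "__main__":
    for cust, verdict in classify(SAMPLE).items():
        print(cust, verdict)
```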