I would like to have seen Comcast do this in some more gentle way.  In my case,
I got the message that I was a spammer last March.  I was helping with
communications right before my daughter's school play.  Just days before the
show, when we were making last minute tweaks to the schedule, BAM!  My outbound
email no longer works!  Comcast first asked me to send my emails to this group
using their web interface.  So, basically when I had little, if any free time
anyway, I was supposed to re-create my distribution list.  The next day, I was
told that a change in the outgoing port number would be sufficient. 

Bottom line... I didn't really mind the change.  I minded that there was no 
warning.

Peg


> On Tue, Dec 2, 2008 at 9:41 AM, Bayard Coolidge <[EMAIL PROTECTED]> wrote:
> > ... considered a spammer and/or that I had a security problem caused by
> > a virus/bot.
> > ... I'm wondering what their real agenda is...
> 
>   Making money, of course.  But they're trying to increase their money
> by blocking spam (thus saving both hardware resources, and resources
> on abuse complaints).
> 
>   The vast majority of spam is sent out from compromised MS-Windows
> computers.  Since non-server versions of MS-Windows don't include an
> SMTP service, any legit MS-Windows home user on a Comcast feed is
> going to be relaying through Comcast's SMTP servers.  The percentage
> of their customers which fit this profile so high it is effectively
> "all".  So any Comcast customer sending SMTP traffic is -- by this
> definition -- a spam source.
> 
>   Obviously, most of the people on this list don't fit the above
> customer profile.  Again, the percentage of such is so small that, for
> Comcast's purposes, it's effectively zero.  I'm not asking anyone to
> like it.
> 
>   This is what modern malware is *really* about.  It isn't just
> vandalism or hack value, like the malware of old.  All these trojans,
> worms and the like are all about hijacking millions of luser computers
> for nefarious --and *profitable* -- purposes.  The most common use is
> to turn them into zombie spam cannons in a botnet.
> 
>   I recent saw some claims that the time-to-widespread-exploit of new
> vulnerabilities has actually increased slightly.  The speculated
> cause?  Malware writers now put their exploits through more stringent
> QA processes.  Better quality malware is more profitable.
> 
> > The recommended fix apparently is to move my outbound SMTP to Port 587,
which I have now done.
> 
>   To clarify, what they had you do was reconfigure your mail software
> to send all your outgoing mail through Comcast's mail servers, on TCP
> port 587?
> 
>   If so, I'm guessing Comcast's goal is to get all of their customers
> using TCP/587 to submit to their outbound SMTP relay hosts.  That
> means they can do either of:
> 
> A1: Blocking TCP/25 to their SMTP relay hosts.  Reasons for doing this
> might include:
> 
>       A1R1: Eliminating load from random spam attempts.  They probably get
> lots of spam attempts from customer systems.  Lots of spam cannons
> fire blindly.
> 
>       A1R2: Reducing attack surface.
> 
> A2: Blocking TCP/25 throughout their residential-customer networks,
> rather than at the outbound edge.  Reasons for doing A2 might include:
> 
>       A2R1: Saving significant bandwidth within their residential-customer 
> networks.
> 
>       A2R2: Making it easier to identify compromised MS-Windows computers.
> (I doubt this is it, since it doesn't make Comcast any immediate
> profit.)
> 
>   TCP/587 is the registered port for the MSA (Mail Submission Agent),
> which is kind of like "SMTP Lite".  Of note, MSA cannot be used for
> mail exchange (relay/final delivery).  MSA also almost always requires
> authentication in most real-world systems.  It's thus not useful to
> spammers.)
> 
>   There's an obvious spammer response to A1R1: Hijack the luser mail
> client (or its configuration values) to discover the local MSA and
> credentials.  However, that's much easier for an ISP to detect,
> throttle, and if needed, cut-off on a per-user basis.  I see that as a
> good thing; lusers will have to learn about responsible operating.
> 
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> 


_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Reply via email to