Andrew,
I think you spoke too soon. My stats from yesterday still show that 3.17% of my total E-mail volume came from Comcast DUL space. This is however a reduction from the 6.51% that I saw on a Thursday one month ago (I tag some DUL space with custom filters to supplement the RBL's shortcomings).
Comcast has always had some areas that blocked port 25, for instance one day about 2 years ago I got a call from a family member that couldn't access their E-mail and after over an hour of testing things out over the phone, we called their support who confirmed that they had blocked port 25 (and not said a single thing to any of their customers). This was the first time that I saw this.
The good news is that within a month I should have port 587 working on my system and I pray that Ipswitch sees the need to convert their system so that they will allow for AUTH only on this port which would make things easier for me (one less set of Declude licenses to buy down the road when I separate my scanning server from my hosted account server).
The bad news of course is that when bigger players start moving in this direction, it could set a precedent and the rest could fall like dominoes. I can't blame the ISP's for wanting to do this, and from their perspective, it is a bigger issue to have so many zombies as opposed to blocking legitimate uses of other E-mail servers. From our perspective as spam blockers go, I feel that most of those that suggest just simply blocking port 25 is misguided because it limits our customers, doesn't really solve a problem as capable hands have this figured out already, and it will make spam harder to block as spammers seek new avenues from a countless number of other hosts that are harder to tag than DUL space. We should be strongly supporting AUTH only port 587 support in the software and then port 25 blocking as total solution to hijacked residential computers. Although I like my broadband honeypots, that's not necessarily a good reason though to keep them open, and the landscape is bound to change in any event, though when and how fast is an open question.
Anyone hear anything from Ipswitch about port 587?
Matt
Colbeck, Andrew wrote:
Sorry, Matt!
http://www.theinquirer.net/?article=16960
... which seems to bear fruit. I've received exactly 4 zombie spams from the ComCast network since June 17, 2004, and my usual rate is tens to hundreds per day from them.
Unfortunately, there's no indication that ComCast will take any further action, due to the cost per incident to their Help Desk, so all of those zombies will still be alive and well, just not sending spam directly from the infected workstations.
Which in turn means that the worm will turn, and we can expect upgraded versions of those zombies that will do something else. I expect that they will at least start using the ComCast smarthosts, so if you're whitelisting the legit ComCast mailservers, look out!
Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
