RE: [Declude.JunkMail] Comcast zombies contained

2004-07-02 Thread Colbeck, Andrew
Sorry, Matt!

http://www.theinquirer.net/?article=16960

... which seems to bear fruit.  I've received exactly 4 zombie spams from
the ComCast network since June 17, 2004, and my usual rate is tens to
hundreds per day from them.

Unfortunately, there's no indication that ComCast will take any further
action, due to the cost per incident to their Help Desk, so all of those
zombies will still be alive and well, just not sending spam directly from
the infected workstations.

Which in turn means that the worm will turn, and we can expect upgraded
versions of those zombies that will do something else.  I expect that they
will at least start using the ComCast smarthosts, so if you're whitelisting
the legit ComCast mailservers, look out!

Andrew 8)
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Comcast zombies contained

2004-07-02 Thread Matt
Andrew,
I think you spoke too soon.  My stats from yesterday still show that 
3.17% of my total E-mail volume came from Comcast DUL space.  This is 
however a reduction from the 6.51% that I saw on a Thursday one month 
ago (I tag some DUL space with custom filters to supplement the RBL's 
shortcomings).

Comcast has always had some areas that blocked port 25, for instance one 
day about 2 years ago I got a call from a family member that couldn't 
access their E-mail and after over an hour of testing things out over 
the phone, we called their support who confirmed that they had blocked 
port 25 (and not said a single thing to any of their customers).  This 
was the first time that I saw this.

The good news is that within a month I should have port 587 working on 
my system and I pray that Ipswitch sees the need to convert their system 
so that they will allow for AUTH only on this port which would make 
things easier for me (one less set of Declude licenses to buy down the 
road when I separate my scanning server from my hosted account server).

The bad news of course is that when bigger players start moving in this 
direction, it could set a precedent and the rest could fall like 
dominoes.  I can't blame the ISPs for wanting to do this, and from 
their perspective, it is a bigger issue to have so many zombies as 
opposed to blocking legitimate uses of other E-mail servers.  From our 
perspective as spam blockers go, I feel that most of those that suggest 
just simply blocking port 25 are misguided because it limits our 
customers, doesn't really solve a problem as capable hands have this 
figured out already, and it will make spam harder to block as spammers 
seek new avenues from a countless number of other hosts that are harder 
to tag than DUL space.  We should be strongly supporting AUTH only port 
587 support in the software and then port 25 blocking as a total solution 
to hijacked residential computers.  Although I like my broadband 
honeypots, that's not necessarily a good reason though to keep them 
open, and the landscape is bound to change in any event, though when and 
how fast is an open question.

Anyone hear anything from Ipswitch about port 587?
Matt

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=