  koitsu Premium join:2002-07-16 Mountain View, CA
| reply to bigchris Re: [Spam] Comcast reporting spam from my IP
said by bigchris: Comcast will not provide you the logs or evidence of why you were blocked. Having worked at hotmail you can understand why, it's not only an issue of storing private information but also a question of subscriber base size. It would simply be impossible to provide that evidence for the size of user-base. Comcast treat spam over any port with equal distaste, despite what the abuse rep said. However, with port 25 being open with no AUTH requirement it's significantly easier for a spammer to utilize that port rather than 587 or 465. The reason is obvious and it's that they need to know a valid username and password which requires a lot more work on their end. Finally, you are probably right in the cause of the block. i.e. you were reported as sending spam. Just move to 587 with AUTH (or 465 AUTH and SSL if you can).

*nod* Thanks for the clarification. I've migrated to port 587 (postfix + Cyrus SASL for SMTP AUTH). Port 465 is a pain due to extra reliance on stunnel, since postfix doesn't natively support port 465 any longer.
An interesting experiment -- and I am not condoning or advocating this in any way, as it's shady -- would be to send Comcast some mails with forged Received: headers to see if they rely solely on the report, or if they do go back through SMTP server logs to correlate the claims. |
|
  bigchris Do Not Shoot The Messenger Premium,MVM join:2002-04-29 Leesburg, VA | I'm not going to comment on what we would or wouldn't do, but I guess I'd question why you'd want to bother with it. You now have a working solution so why mess with it. |
|
  odog Cable Centric Vendor Biased Premium join:2001-08-05 Norcross, GA clubs: | reply to koitsu Check your IP here
www.senderbase.org |
|
 KookyMan
join:2001-09-09 Clio, MI
| reply to koitsu I think it's unnerving that they are unwilling to provide information.
For first time offenders, it is not a substantial amount of data to keep the "reported" email if you have been alleged as sending spam. Text is very compressible.
Sure if you have someone who is a repeat offender, ditch the evidence, or if you get say 999 messages that are classed as spam, fine. But if it's one or two, there is no reason you can't save it. Or at least the headers. Or the body. Right now I'd be happy for either. Why? Simple:
Right now I have a lot of work ahead of me to go through all my systems to determine if a breach has occurred, which may not be true. This is like looking for a needle in a haystack (4 in my case) and there might not even be a needle to find! Why would headers help me? Because I could see definitively that the email originated from my IP. I could see the "From" line to determine if it was one of my accounts (and ergo may Not be real spam but a misunderstanding) or if it's from an invalid ID. If I could see the body, I could again determine if it was one of my emails that was misunderstood or if it was something I've never seen before.
I think what I'm going to do is reroute smtp.comcast.net on my in-house DNS to point at my local linux system and see if it collects mail trying to go out... Does this sound like something that might work? -- I miss my dial-up modem... It was an error correcting modem... I seem to have so many typo's lately..... |
|
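Added example, not part of any post in this thread: the header check KookyMan describes, written so that forged Received: lines (the concern koitsu raises earlier) are not trusted. It assumes the complaint copy is unmodified; `smtp.isp.example`, the addresses and the function name are placeholders constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample complaint. Hosts are made up; IPs are documentation ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2007 10:00:03 -0800
Received: from smtp.isp.example (smtp.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2007 10:00:02 -0800
Received: from homebox.example (unknown [192.0.2.44])
\tby smtp.isp.example with ESMTP id C3; Mon, 1 Jan 2007 10:00:01 -0800
Received: from forged.invalid (forged.invalid [10.9.9.9])
\tby nowhere.invalid with SMTP id D4; Mon, 1 Jan 2007 09:59:00 -0800
From: Alice <alice@homebox.example>
Subject: list post

body
"""

# "from <helo> (<rdns> [<ip>]) by <host>": the bracketed IP is what the
# receiving server saw on the socket; the HELO name is client-supplied.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def assess(raw, relay, my_ip, my_accounts):
    """Find the client that handed the message to `relay` and compare it to us."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])      # index 0 = most recently added
    client_ip, unverified = None, len(hops)
    for i, hop in enumerate(hops):
        m = RECEIVED_RE.search(hop)
        if m and m.group(2).lower() == relay.lower():
            client_ip = m.group(1)
            # Everything below this hop arrived inside the message the
            # client submitted, so it can be forged and is not evidence.
            unverified = len(hops) - i - 1
            break
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "client_ip": client_ip,
        "from_my_ip": client_ip == my_ip,
        "sender": sender,
        "known_account": sender in my_accounts,
        "unverified_hops": unverified,
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "smtp.isp.example", "192.0.2.44",
                 {"alice@homebox.example"}))
```
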
 K Patterson Premium,MVM join:2006-03-12 Columbus, OH
·RoadRunner Cable
| said by KookyMan: I think what I'm going to do is reroute smtp.comcast.net on my in-house DNS to point at my local linux system and see if it collects mail trying to go out... Does this sound like something that might work?

I doubt it. If you have malware, it is acting as its own mailserver, using port 25 to send mail to other servers. I've not seen a case where malware used the ISP's server. That's why port 25 blocks work.
With respect to providing you with information, do you really want Comcast intercepting your email? Almost certainly a criminal act for them to do so. |
|
 KookyMan
join:2001-09-09 Clio, MI
| Intercepting, no. However if an email was forwarded to Comcast and reported as spam (I don't think anyone sane would accept an email that simply reads: "I got spam for x.x.x.x, fix it".) They have already been provided a copy of the message. That would not require them to track any outbound mail.
I would like to see them provide me with the forwarded mail, after all it is being alleged that the message did come from me, and I've already been told effectively that I'm guilty, why can I not see the evidence?
I did ask the important question, as I do send mail from multiple accounts through Comcast (because I have to obviously), was the flag a result of an automated system or was it an actual report, and was told it was a report.
Is this really such a big deal to request? I feel like I've been accused and there's nothing I can do. "You did it, you're in trouble, we don't have to give you anything.. Guilty!" -- I miss my dial-up modem... It was an error correcting modem... I seem to have so many typo's lately..... |
|
 K Patterson Premium,MVM join:2006-03-12 Columbus, OH
·RoadRunner Cable
| It would be interesting to have the viewpoint of an attorney re: the situation you cite. My suspicion is that Comcast's attorneys have told Comcast to not forward the complaint mail.
In any case what you are asking is a horrendous task on a system of Comcast's size. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
1 edit | reply to koitsu
said by koitsu: I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.

Actually, we can connect to 'smtp.comcast.net'. And, if we have Comcast account login information, we can even use those servers ("we" being people with non-Comcast IP addresses).
AFAIK, Comcast ACL determines whether authentication will be required on a port 25 connection, or not. However, authentication on a port 587 connection is an option, per RFC 2476, and designed to allow off-network access to the server.
P.S. Here are the headers of a test message I sent using 'smtp.comcast.net:25' from my 'at&t Yahoo! HSI' connection. I had my sister enter her Comcast UserID+Password into MS Outlook Express 6 for this test (I removed it, as well, all under her observation and supervision):
Apologies for duplicate information. I was waiting on my sister to finish up doing girl stuff in preparation for an outing, so I didn't get the authorization for testing, or read on, until later in the cycle.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to odog
said by odog: Check your IP here www.senderbase.org

To what end? He is sending from his IP address only to the Comcast SMTP message submission server. Comcast is only going to be concerned with whether he is an authenticated Comcast user, and acting within the limitations of the Comcast Terms of Use. Message submission servers shouldn't care about that Senderbase data. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to K Patterson
said by K Patterson: I've not seen a case where malware used the ISP's server. That's why port 25 blocks work.

I have. Several spam items from 'nlpi0nn.prodigy.net', where some spammer has hijacked an 'at&t Yahoo! HSI' user's account information. Ironically, using Comcast user's compromised computers in a 'bot herd to send through 'smtpauth.sbcglobal.net' (or one of the other aliases), and using the stolen AT&T account credentials to authenticate to the server. Reported through Spamcop.net; the reports actually went to Comcast abuse, but the AT&T servers will, eventually, be blocked. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  madylarian The curmudgeonly Premium join:2002-01-03 Parkville, MD
| reply to K Patterson
said by K Patterson: It would be interesting to have the viewpoint of an attorney re: the situation you cite. My suspicion is that Comcast's attorneys have told Comcast to not forward the complaint mail. In any case what you are asking is a horrendous task on a system of Comcast's size.

I can think of a very good reason not to forward complaint emails. Retaliation.
mady -- Honi soit qui mal y pense |
|
 K Patterson Premium,MVM join:2006-03-12 Columbus, OH
·RoadRunner Cable
| I hadn't thought of that, good point!
My guess is that Comcast managerial types want nothing to do with any possibility that someone else's email is anywhere on one of their hard drives. Just too much exposure in our presently litigious society. |
|
  odog Cable Centric Vendor Biased Premium join:2001-08-05 Norcross, GA clubs:
·Comcast
·Metrocast Communic..
·Vonage
| reply to NormanS
said by NormanS: said by odog: Check your IP here www.senderbase.org To what end? He is sending from his IP address only to the Comcast SMTP message submission server. Comcast is only going to be concerned with whether he is an authenticated Comcast user, and acting within the limitations of the Comcast Terms of Use. Message submission servers shouldn't care about that Senderbase data.

senderbase also gives a "score" about how much spam has been received from the particular IP. It more importantly will list if he is one of the large blacklists for whatever reason. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by odog: senderbase also gives a "score" about how much spam has been received from the particular IP. It more importantly will list if he is one of the large blacklists for whatever reason.

What does his IP address have to do with anything?!?!? He is sending through 'smtp.comcast.net'. The only thing which a gateway mail server should concern itself with is the IP address of 'smtp.comcast.net'. The Comcast user's IP address is not a part of the equation.
Look; just because I am running an MTA, doesn't mean my ISP IP address is connecting to gateway mail servers when I send out email. Neither his Comcast connection, nor my AT&T connection are a part of the equation! When we send through our respective ISP SMTP message submission servers, our IP addresses should be treated no different than any other user's IP address while going through those servers. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
2 edits | reply to koitsu
said by koitsu: The logic here baffles my mind. funchords would have a field day with this.

Yeah, I'm reading.
Comcast needs to fish or cut bait. This is intolerable to people like us. The only reason it's tolerated at all is because most users these days think that email is something they get from a website.
I admire Comcast for being one of the last, great holdouts for blocking TCP 25 outbound. They made the right and best decision against enormous pressure. However, the implementation is screwed up somewhere and if they're unwilling to spend the money to fix it, then they should just wave the white flag and make the block across the board and then let select technically-informed users opt-out.
koitsu has been more than reasonable. He's not getting customer support, he's getting corporate arrogance. One complaint doesn't make him a spammer (didn't anyone SEE how few emails that he sent?). Nobody can be sure, and Comcast shouldn't rat out someone who sent in a complaint -- but Comcast, are you sure Koitsu emailed the message or was it remailed by the listserv? If so -- then this is between the listserv admin and the complainer, and you shouldn't get involved.
Anyway -- that's this incident. I keep reading incident after incident after incident of bungled or questionable mail administration around the control of outgoing spam. User errors or user neglect is probably responsible for half of these. But where is the discretion, that human factor, in handling the other half? That's the saddening, maddening pattern that frustrates me.
Spam is tough. There's no "field day" here -- I feel for both sides of this very tough issue. What I have no patience for is people treating others as less than deserving of respect and dignity. Call me old-fashioned, but if more people cared for one another, it would be a brighter world.
If Comcast is going to stand by their decision to block outbound 25 as a reactive measure, then technically capable Comcast users ought to continue to applaud that. I know that I never wanted my Internet access to have a PlaySkool interface. Let AOL have those "See Spot run!" customers. But, please, calling koitsu a spammer is not customer support and nobody should be trying to explain why he should just live with it. It's a sign that something is broken and needs to be fixed. -- Robb Topolski -= funchords.com =- Hillsboro, Oregon |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| reply to madylarian
said by madylarian: I can think of a very good reason not to forward complaint emails. Retaliation.

There is that, but the main reason is to prevent listwashing. -- Robb Topolski -= funchords.com =- Hillsboro, Oregon |
|
 K Patterson Premium,MVM join:2006-03-12 Columbus, OH
·RoadRunner Cable
| said by funchords: said by madylarian: I can think of a very good reason not to forward complaint emails. Retaliation. There is that, but the main reason is to prevent listwashing.

I don't understand, perhaps because I really don't know what listwashing is. Can you explain a little more?
thanks, |
|
  koitsu Premium join:2002-07-16 Mountain View, CA
| reply to KookyMan
said by KookyMan: I think what I'm going to do is reroute smtp.comcast.net on my in-house DNS to point at my local linux system and see if it collects mail trying to go out... Does this sound like something that might work?

It's possible, but not via DNS. I can explain (if you have a UNIX box on your local network and a UNIX box somewhere elsewhere on the Internet) how to set up a transparent tunnel between the two, specifically for Internet-bound mail your local UNIX machine tries to send (via sendmail/postfix/exim/whatever), but this isn't the same as using DNS to magically point smtp.comcast.net to your local Linux box. |
|
  koitsu Premium join:2002-07-16 Mountain View, CA
| reply to K Patterson
said by K Patterson: It would be interesting to have the viewpoint of an attorney re: the situation you cite. My suspicion is that Comcast's attorneys have told Comcast to not forward the complaint mail. In any case what you are asking is a horrendous task on a system of Comcast's size.

Wrong -- it's in absolutely no way shape or form a "horrendous task".
Comcast human beings already have to handle spam complaints by hand. That means they get a full copy of the *entire mail*, including the body of the text. Someone has to read it -- I don't see it as a privacy invasion at all.
I'd like to ASSUME they look at the mail headers closely, and spend the time doing it right. Since they're already looking at the headers, is it really THAT HARD to put them in a ticket or as a note on your account? No. As someone who works in a NOC, I can assure you that degree of effort takes about 10 seconds.
Take my situation for example: **one single report of spam** resulted in them applying a network block. ONE. I know for a fact I didn't spam, and my own home network outbound ACLs ensure anyone using my network can only send mail through my FreeBSD box. So when I look at my FreeBSD box logs and see a series of mails dated when Comcast said the violation was performed, and none of them even remotely resemble spam, the only way you'll be able to debunk the issue is with Comcast's cooperation. |
|
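Added example, not part of any post in this thread: a check for the behaviour K Patterson describes (an infected host acting as its own mail server on port 25) on a network laid out as koitsu describes, where only one internal box is supposed to send mail. The log format, the addresses and the function name are constructed for illustration and do not match any real firewall's output.

```python
import ipaddress
from collections import defaultdict

# Constructed connection log in a made-up key=value format.
LOG = """\
2007-01-01T10:00:01 src=192.168.1.10 dst=203.0.113.25 dport=587 proto=tcp
2007-01-01T10:00:05 src=192.168.1.23 dst=198.51.100.7 dport=25 proto=tcp
2007-01-01T10:00:06 src=192.168.1.23 dst=198.51.100.9 dport=25 proto=tcp
2007-01-01T10:00:06 src=192.168.1.23 dst=198.51.100.9 dport=25 proto=tcp
2007-01-01T10:00:07 src=192.168.1.23 dst=192.168.1.10 dport=25 proto=tcp
2007-01-01T10:00:09 src=192.168.1.10 dst=198.51.100.7 dport=25 proto=tcp
2007-01-01T10:00:11 src=192.168.1.31 dst=198.51.100.80 dport=80 proto=tcp
garbage line
"""

def direct_smtp_senders(log, mail_host, lan="192.168.1.0/24"):
    """Return {LAN host: [external IPs contacted on tcp/25]}, skipping mail_host.

    Mail relayed through the internal mail host, or submitted to the ISP on
    port 587, is the expected path; any other LAN host talking to outside
    servers on port 25 is worth investigating.
    """
    net = ipaddress.ip_network(lan)
    hits = defaultdict(set)
    for line in log.splitlines():
        # First token is the timestamp; the rest are key=value pairs.
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue                      # unparseable line, ignore
        if fields.get("proto") != "tcp" or dport != 25:
            continue
        if src in net and dst not in net and str(src) != mail_host:
            hits[str(src)].add(str(dst))
    return {host: sorted(dsts) for host, dsts in hits.items()}

if __name__ == "__main__":
    for host, dsts in direct_smtp_senders(LOG, "192.168.1.10").items():
        print(f"{host} contacted {len(dsts)} outside servers on tcp/25: {dsts}")
```
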
  koitsu Premium join:2002-07-16 Mountain View, CA
1 edit | reply to NormanS
said by NormanS: said by koitsu: I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose. Actually, we can connect to 'smtp.comcast.net'. And, if we have Comcast account login information, we can even use those servers ("we" being people with non-Comcast IP addresses). AFAIK, Comcast ACL determines whether authentication will be required on a port 25 connection, or not. However, authentication on a port 587 connection is an option, per RFC 2476, and designed to allow off-network access to the server.

EDIT: Oops! I completely misunderstood what you were saying here, Norman. I realise now you were talking about non-Comcast IPs being able to talk to smtp.comcast.net (presumably used for Comcast customers on laptops who roam, and don't want to have to change their mail client settings every time).
Everything you said is understood. |
|