dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
13290
share rss forum feed


madylarian
The curmudgeonly
Premium
join:2002-01-03
Parkville, MD
reply to K Patterson

Re: [Spam] Comcast reporting spam from my IP

said by K Patterson:

It would be interesting to have the viewpoint of an attorney re: the situation you cite. My suspicion is that Comcast's attorneys have told Comcast to not forward the complaint mail.

In any case what you are asking is a horrendous task on a system of Comcast's size.
I can think of a very good reason not to forward complaint emails. Retaliation.

mady
--
Honi soit qui mal y pense

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
kudos:1

I hadn't thought of that, good point!

My guess is that Comcast managerial types want nothing to do with any possibility that someone else's email is anywhere on one of their ahrd drives. Just too much exposure in our presently litigious society.



odog
Cable Centric Vendor Biased
Premium,VIP
join:2001-08-05
Atlanta, GA
kudos:13
Reviews:
·Comcast
reply to NormanS

said by NormanS:

said by odog:

Check your IP here

www.senderbase.org
To what end? He is sending from his IP address only to the Comcast SMTP message submission server. Comcast is only going to be concerned with whether he is an authenticated Comcast user, and acting within the limitations of the Comcast Terms of Use. Message submission servers shouldn't care about that Senderbase data.
senderbase also gives a "score" about how much spam has been received from the particular IP. It more importantly will list if he is one of the large blacklists for whatever reason.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 recommendation

said by odog:

senderbase also gives a "score" about how much spam has been received from the particular IP. It more importantly will list if he is one of the large blacklists for whatever reason.
What does his IP address have to do with anything?!?!? He is sending through 'smtp.comcast.net'. The only thing which a gateway mail server should concern itself with is the IP address of 'smtp.comcast.net'. The Comcast user's IP address is not a part of the equation.

Look; just because I am running an MTA, doesn't meant my ISP IP address is connecting to gateway mail servers when I send out email. Neither his Comcast connection, nor my AT&T connection are a part of the equation! When we send through our respective ISP SMTP message submission servers, our IP addresses should be treated no different than any other users IP address while going through those servers.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

2 edits

1 recommendation

reply to koitsu

said by koitsu:

The logic here baffles my mind. funchords See Profile would have a field day with this.
Yeah, I'm reading.

Comcast needs to fish or cut bait. This is intolerable to people like us. The only reason it's tolerated at all is because most users these days think that email is something they get from a website.

I admire Comcast for being one of the last, great holdouts for blocking TCP 25 outbound. They made the right and best decision against enormous pressure. However, the implementation is screwed up somewhere and if they're unwilling to spend the money to fix it, then they should just wave the white flag and make the block across the board and then let select technically-informed users opt-out.

koitsu See Profile has been more then reasonable. He's not getting customer support, he's getting corporate arrogance. One complaint doesn't make him a spammer (didn't anyone SEE how few emails that he sent?). Nobody can be sure, and Comcast shouldn't rat out someone who sent in a complaint -- but Comcast, are you sure Koitsu emailed the message or was it remailed by the listserv? If so -- then this is between the listserv admin and the complainer, and you shouldn't get involved.

Anyway -- that's this incident. I keep reading incident after incident after incident of bungled or questionable mail administration around the control of outgoing spam. User errors or user neglect is probably responsible for half of these. But where is the discretion, that human factor, in handling the other half? That's the saddening, maddening pattern that frustrates me.

Spam is tough. There's no "field day" here -- I feel for both sides of this very tough issue. What I have no patience for is people treating others as less than deserving of respect and dignity. Call me old-fashioned, but if more people cared for one another, it would be a brighter world.

If Comcast is going to stand by their decision to block outbound 25 as a reactive measure, then technically capable Comcast users ought to continue to applaud that. I know that I never wanted my Internet access to have a PlaySkool interface. Let AOL have those "See Spot run!" customers. But, please, calling koitsu See Profile a spammer is not customer support and nobody should be trying to explain why he should just live with it. It's a sign that something is broken and needs to be fixed.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
More features, more fun, Join BroadbandReports.com, it's free...


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to madylarian

said by madylarian:

I can think of a very good reason not to forward complaint emails. Retaliation.

There is that, but the main reason is to prevent listwashing.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
More features, more fun, Join BroadbandReports.com, it's free...

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
kudos:1

said by funchords:

said by madylarian:

I can think of a very good reason not to forward complaint emails. Retaliation.

There is that, but the main reason is to prevent listwashing.
I don't understand, perhaps because I really don't know what listwashing is. Can you explain a little more?

thanks,


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to KookyMan

said by KookyMan:

I think what I'm going to do is reroute smtp.comcast.net on my in-house DNS to point at my local linux system and see if it collects mail trying to go out... Does this sound like something that might work?
It's possible, but not via DNS. I can explain (if you have a UNIX box on your local network and a UNIX box somewhere elsewhere on th Internet) how to set up a transparent tunnel between the two, specifically for Internet-bound mail your local UNIX machine tries to send (via sendmail/postfix/exim/whatever), but this isn't the same as using DNS to magically point smtp.comcast.net to your local Linux box.


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to K Patterson

said by K Patterson:

It would be interesting to have the viewpoint of an attorney re: the situation you cite. My suspicion is that Comcast's attorneys have told Comcast to not forward the complaint mail.

In any case what you are asking is a horrendous task on a system of Comcast's size.
Wrong -- it's in absolutely no way shape or form a "horrendous task".

Comcast human beings already have to handle spam complaints by hand. That means they get a full copy of the *entire mail*, including the body of the text. Someone has to read it -- I don't see it as a privacy invasion at all.

I'd like to ASSUME they look at the mail headers closely, and spend the time doing it right. Since they're already looking at the headers, is it really THAT HARD to put them in a ticket or as a note on your account? No. As someone who works in a NOC, I can assure you that degree of effort takes about 10 seconds.

Take my situation for example: **one single report of spam** resulted in them applying a network block. ONE. I know for a fact I didn't spam, and my own home network outbound ACLs ensure anyone using my network can only send mail through my FreeBSD box. So when I look at my FreeBSD box logs and see a series of mails dated when Comcast said the violation was performed, and none of them even remotely resemble spam, the only way you'll be able to debunk the issue is with Comcast's cooperation.


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 edit
reply to NormanS

said by NormanS:

said by koitsu:

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.
Actually, we can connect to 'smtp.comcast.net'. And, if we have Comcast account login information, we can even use those servers ("we" being people with non-Comcast IP addresses).

AFAIK, Comcast ACL determines whether authentication will be required on a port 25 connection, or not. However, authentication on a port 587 connection is an option, per RFC 2476, and designed to allow off-network access to the server.
EDIT: Oops! I completely misunderstood what you were saying here, Norman. I realise now you were talking about non-Comcast IPs being able to talk to smtp.comcast.net (presumably used for Comcast customers on laptop who roam, and don't want to have to change their mail client settings every time).

Everything you said is understood.


madylarian
The curmudgeonly
Premium
join:2002-01-03
Parkville, MD
reply to K Patterson

said by K Patterson:

I don't understand, perhaps because I really don't know what listwashing is. Can you explain a little more?

thanks,
Listwashing means that the complaining addresses are removed from the spammer's list and the spammer just keeps on spamming because most people just delete rather than complain.

mady
--
Honi soit qui mal y pense


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 edit
reply to funchords

said by funchords:

But, please, calling koitsu See Profile a spammer is not customer support and nobody should be trying to explain why he should just live with it. It's a sign that something is broken and needs to be fixed.
Thanks, your sentiments are greatly appreciated.

The part that frustrates me (and I apologise in advance if this sounds narcissistic): I'm the perfect candidate to work with Comcast to get this fixed. This is where having a good technical skill set comes into play.

I understand that by this point most of the support reps are probably attuned to "What is a trojan?? What do you mean my computer sent spam?? I just want my mail to work!" responses from customers. But I'm not one of those, and I did my best to make the Abuse guy aware of that fact (and he did acknowledge it). I was hoping it would establish a sense of trust.

It does appear that the reasoning behind why Comcast doesn't "work more with customers" on issues like this is because of either managerial red tape (paranoia), or legal aspects. I understand the "they don't provide details to minimise retaliation" aspect, and I can see the justification in that. But there needs to be some common ground established between the customer and the provider.

My reasons for being wary/untrustworthy at this point, I feel, are justified. I sincerely believe at this point, one of these is what's happening here. This is purely speculative, just for the record:

1) Outound mail (sent through Comcast's mail servers) are scanned on Comcast's systems using spam analysis software, and if the mail receives a high score, sets a "red flag" somewhere with Abuse/whomever to put an ACL on the account.

Along those same lines, maybe they use something like log analysis software and saw that within X number of minutes or seconds I sent X number of mails, and that caused a "red flag". This type of system is very common, and needs to be tuned appropriately to get accurate results; too sensitive and situations like this happen.

2) My use of smtp.comcast.net port 25, without SMTP AUTH, flagged me within Comcast as a "possible spammer". Of course I've been using this method for years, so I'm not sure what would have caused Comcast to get sensitive about it *now*.

3) An Abuse person at Comcast received either a falsified report of spam (e.g. modified Received: headers) and simply assumed what was shown to be true.

If this is how the process works, this is very, very bad. I want to believe the Abuse folks are able to go onto the Comcast SMTP servers and verify that the Comcast IP did in fact sent the mail, AND that the mail queue IDs match. How do I know they're doing that and not just blindly trusting what some Internet jhonka sends them? (This is why I said an experiment would be interesting.)

4) An Abuse person at Comcast received a legitimate spam complaint, but misread or typo'd the IP in the Received headers, causing them to go on a wild goose chase. "Oh look, this guy is using smtp.comcast.net port 25 with no authentication!", even though the report may not have been about me.

I can spend the rest of my life speculating, I'm sure. It doesn't diminish the fact that this exact situation will happen to someone else. I'd love to work with Comcast to figure out what happened here, but their hands appear tied as I said before.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

4 edits

A couple of years ago, someone decided that they could save Comcast money at the abuse desk and dreamed up this dominoes cum chutes and ladders method to replace some of the workload.

It's now part automaton, part scripted, part Sandvine (yes, that Sandvine), part server, part reputation score and the people that support it -- good people -- get a bit overwhelmed due to the strange set of rules that apply (a user is a spammer if he sends 11 mails in 10 minutes of 9 lines or more using 8 from addresses or 7 blank lines at the end).

Rather than admit mistake, an overwhelmed and powerless employee in certain anti-customer cultures do not respond by admitting surprise or enlightenment, they rather maintain their frustratingly defenseless position despite evidence, despite debate, despite conclusive judgments to the contrary. Powerless over the situation, there is no professional curiosity, nor co-ownership of the customer's problem. Criticism doesn't lead to change there, it leads to entrenchment.

The report, faked or forged? -- regardless. There are two active threads, one right next to each other. Comcast called both OP's "spammers." One guy sends 500 messages, perhaps UCE (perhaps double opt-in, we just don't know) but certainly not the spam problem common to the Internet. The other guy is you. Comcast cut you both off. If cutting the two of you off is fighting spam, then Comcast is bringing squirt guns to a forest fire.

And in both threads, helpful people (and sincerely so) trying to explain why what happened happened -- lost in the technical detail of what tripped what without regard to the view from just a few steps farther away: good customers are getting bad experiences. That's okay, it's just justifiable as "collateral damage" in a war to help ensure "a good experience for most of our users."

I, for one, am sick of it.

These aren't Freebie NetZero accounts. This isn't Hotmail (sorry). This is paid-for premium Internet service! Customers deserve better.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
More features, more fun, Join BroadbandReports.com, it's free...



bigchris
Do Not Shoot The Messenger
Premium,MVM
join:2002-04-29
Leesburg, VA
reply to koitsu

Koitsu, Funchords, I didn't want to let this sit and become gospel truth because it isn't addressed.

Koitsu, I can assure you that your speculations are not accurate.

Funchords, your comment about sending rates that will get you labeled as a spammer as not accurate either, they are simply limits.



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

said by bigchris:

Koitsu, Funchords, I didn't want to let this sit and become gospel truth because it isn't addressed.

Koitsu, I can assure you that your speculations are not accurate.

Funchords, your comment about sending rates that will get you labeled as a spammer as not accurate either, they are simply limits.
I want to believe you bigchris See Profile, but the fact of the matter still stands: Comcast applied an outbound block on my modem for TCP port 25 due to "a report of spam", yet cannot actually provide me any evidence of it happening -- because all the evidence I have shows no such thing. My evidence shows there was no outbound SMTP spam sent from my connection on, or even around, September 2nd.

Why this matter concerns me so much:

Based on what you've told me earlier in this thread, what the Abuse individual stated isn't accurate -- what port you send mail through makes no difference regarding how Comcast handles spam reports.

This means that the *exact same situation could happen again*, which could in fact result in either 1) my inability to send mail from my Comcast service entirely (e.g. 25, 465, and 587 all get blocked), or 2) possibly termination of my service.

THAT is why I'm so concerned. I don't want it to happen again, and for that to happen, I need to know *details*, and work with someone, sharing evidence and being fair about it.

This *also* makes me question whether or not the Abuse person was telling me the truth when it came to his claim that the block was put in place "because of Comcast receiving a report of my IP sending spam".

It's to the point where I'd even be willing to sign an NDA (stopping further discussion on my part regarding this problem) just so I could get details on what happened. I realise this latter will probably make some forum folks say "Great dude, real great, just give in to the system and be a drone", but I'm trying to be reasonable, and I am worried for the above two reasons.

In no way shape or form am I complaining just for the sake of doing so -- I really am concerned/worried this situation will happen again.


bigchris
Do Not Shoot The Messenger
Premium,MVM
join:2002-04-29
Leesburg, VA

Koitsu, I said your speculations weren't accurate, I didn't say that the Abuse dept lied to you.

We will not block your port 587 or 465. You need to authenticate to use those ports so in effect you are saying it's you that sent the mail.

Now if it turns out you have or ever are trojan'd and we deem it significant enough to warn you, we'll contact you directly via the phone. We've done this in the past many times when it's clear a customer has a serious problem.

Can we end this now please?



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 edit

said by bigchris:

Koitsu, I said your speculations weren't accurate, I didn't say that the Abuse dept lied to you.

We will not block your port 587 or 465. You need to authenticate to use those ports so in effect you are saying it's you that sent the mail.

Now if it turns out you have or ever are trojan'd and we deem it significant enough to warn you, we'll contact you directly via the phone. We've done this in the past many times when it's clear a customer has a serious problem.

Can we end this now please?
No, because this just induces even more questions.

What you're telling me in the above paragraphs is essentially the following: "if you use SMTP AUTH to authenticate yourself with our mail servers, regardless of port #, then we won't block you".

None of this explains what caused Comcast to 1) suddenly block outbound TCP port 25, and 2) tell me that I sent spam through their mail servers on September 2nd.

Why did Comcast not simply send me an Email stating "we see you are using smtp.comcast.net port 25 without authentication. You need to use authentication to utilise our mail servers. To force you into doing that, we've put up a block on port 25. You'll need to use ports 587 or 465, which require authentication, from this point on"?

Why did the Support (not Abuse) rep. I spoke to not tell me that? Why didn't the Abuse rep. tell me that?

Finally: yes, of course I "sent the mail", if by "sent the mail" you mean the 11 I sent on September 2nd. I already admitted to sending all 11 of those (non-spam) mails, through smtp.comcast.net:25. I'm telling you flat out, NONE of those mails are spam. I can gladly send you, or any other Comcast rep., all 11 of those mails, as well as all 11 log entries in my mailserver, and you can cross-reference the timestamps and the mail queue IDs. Like I said, *I* have evidence/proof that I did not send any spam, but Comcast is not willing to work with me to try and figure out what really happened.

Or was what I was told (re: "you sent spam") a lie, and it was really just an attempt to get me to use SMTP AUTH? If so, no problem -- just say that!

KookyMan

join:2001-09-09
Clio, MI

The sad thing Koitsu, if you push that by providing logs of your mail server/etc, they will probably crack on you for running a mail server since that's "obviously not consumer use" (despite the fact that us geeks DO use servers in our residential environment.) Yes, I know its semantics since they aren't "public" servers, but you get what I'm prodding at.