mbnva
Premium
join:2005-01-29
Haymarket, VA
| [E-mail] Microsoft Hotmail Blocks Comcast Traffic
Microsoft Hotmail Blocks Comcast Traffic
For several days now - Hotmail traffic sent by Comcast users have been blocked. Some claim this is a blacklist gone awry, others claim that its Microsoft's attempt at attacking a large spam distributor, and others misconfigurations. Comcast has no official word - but many people are getting errors reporting that "denied permit" - what this exactly means is unclean - but most likely that Hotmail is denying Comcast permission to send their users emails.
See thread here for more info:
»forums.comcast.net/thread.jspa?f···ID=47601 |
|
Oregonian
Premium
join:2000-12-21
West Linn, OR
 ·Comcast
| Thanks very much for posting this. I have an email list of around 70-80 people and last night I started getting this "550 Permit Denied" message. Thought I had done something wrong but it looks like a Comcast vs. Hotmail, etc. issue. Hopefully, they will get it resolved soon. |
|
skyper
join:2002-07-01
Sarasota, FL
·Comcast
| reply to mbnva
Re: [E-mail] Microsoft Hotmail Blocks Comcast Traf
We've been having the same problem between Comcast & Hotmail all day. It will be interesting to find out what's going on...
Thanks for this forum, otherwise I'd have spent way too much time trying to figure out what I was doing wrong |
|
scooby
Premium
join:2001-05-01
Schaumburg, IL
| reply to mbnva
Hard to blame them if it is for spamming. Comcast is generally ranked in the top 3 of the biggest spammers in the US. They do not seem to actively pursue spammers either.
»www.spamhaus.org/statistics/networks.lasso
»www.senderbase.org/ |
|
MrBradTX
join:2001-05-23
Carrollton, TX
·RoadRunner Cable
| said by scooby  :Comcast is generally ranked in the top 3 of the biggest spammers in the US. If true, it's hardly surprising, since they are also ranked in the top 3 ISPs in terms of number of users. |
|
pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast
1 edit | reply to mbnva
quote:
Chat id : 544659fb-46b3-4719-974a-23d97bcc70c5
Problem : E-mail/Can’t send E-Mail/Other
Teoddy > Thank you for contacting Comcast, my name is Teoddy. How can I help you today?
Steve > hi
Teoddy > Hi.
Steve > i have some issues with email
Steve > I am unable to send mail from my ISP account (i.e. sending from my Comcast email account to my Hotmail accout) to hotmail.I recieve this error: The message could not be sent because one of the recipients was rejected by the server. Server response: '550 permit denied'. (Account: 'mail.comcast.net', SMTP Server: 'smpt.comcast.net'. Error number: 0x800ccc79)
Teoddy > I do apologize and I understand how frustrating it is. I will be happy to assist you with your email issue.
Teoddy > Am I chatting with Steve?
Steve > yes you are
Teoddy > Were you sending email to Hotmail/MSN?
Steve > yes to my own account no less
Teoddy >
We are aware of an issue that is ongoing currently where our customers are having problems sending to MSN and Hotmail based email addresses. Our technicians, along with Microsoft are working to resolve the issue. We do not have an ETA when this will be fixed, but just to let you know we are aware of the issue, and we working to correct it. We apologize for the inconvenience.
Steve > ok.. sounds good
Teoddy > Thank you for your understanding.
Teoddy > Is there anything else I can help you with today?
Steve > i'll wait a few days and see what happens
Steve > no, thank you
Teoddy > To get more information about our service, please refer to Comcast FAQ - »www.comcast.net/help/. Thank you for choosing Comcast. Goodbye and have a nice day.
Teoddy > Analyst has closed chat and left the room
uh huh.. it'll never get fixed..
--
Webmaster Steve
- - - - - - - - - - - -
»ppnhosting.com
»sphenterprizes.com
»pokemonpalace.net |
|
IMOSH2
join:2002-01-28
Broadway, NJ | reply to mbnva
Re: [E-mail] Microsoft Hotmail Blocks Comcast Traffic
msn and hotmail- we get "550 permit denied"
we're gonna switch to our webhoster to send our emails now. |
|
yvovandoorn
Premium
join:2003-11-06
Renton, WA
| reply to mbnva
i can confirm that this is also happening with email to speakeasy.
Reporting-MTA: dns; comcast.net
Arrival-Date: 19 Oct 2005 17:46:23 +0000
Final-Recipient: rfc822;
Action: failed
Status: 5.1.0 MAIL FROM: 553 REPLY: 553_sorry,_your_mail_from_a_host_[63.240.77.84]_without_valid_reverse_DNS_was_administratively_denied_(#5.7.1)
Diagnostic-Code: smtp; Permanent Failure: Other address status
Last-Attempt-Date: Wed, 19 Oct 2005 17:48:21 -0000
or to a Speakeasy hosted website:
Reporting-MTA: dns; comcast.net
Arrival-Date: 19 Oct 2005 17:38:49 +0000
Final-Recipient: rfc822;
Action: failed
Status: 5.1.0 MAIL FROM: 553 REPLY: 553_sorry,_your_mail_from_a_host_[63.240.77.81]_without_valid_reverse_DNS_was_administratively_denied_(#5.7.1)
Diagnostic-Code: smtp; Permanent Failure: Other address status
Last-Attempt-Date: Wed, 19 Oct 2005 17:40:48 -0000
Using mail.app on a Mac or Entourage... |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
 ·Verizon Online DSL
 ·Skype
| said by yvovandoorn :i can confirm that this is also happening with email to speakeasy. Reporting-MTA: dns; comcast.net Arrival-Date: 19 Oct 2005 17:46:23 +0000 Final-Recipient: rfc822; Action: failed Status: 5.1.0 MAIL FROM: 553 REPLY: 553_sorry,_your_mail_from_a_host_[63.240.77.84]_without_valid_reverse_DNS_was_administratively_denied_(#5.7.1) Diagnostic-Code: smtp; Permanent Failure: Other address status Last-Attempt-Date: Wed, 19 Oct 2005 17:48:21 -0000 or to a Speakeasy hosted website: Reporting-MTA: dns; comcast.net Arrival-Date: 19 Oct 2005 17:38:49 +0000 Final-Recipient: rfc822; Action: failed Status: 5.1.0 MAIL FROM: 553 REPLY: 553_sorry,_your_mail_from_a_host_[63.240.77.81]_without_valid_reverse_DNS_was_administratively_denied_(#5.7.1) Diagnostic-Code: smtp; Permanent Failure: Other address status Last-Attempt-Date: Wed, 19 Oct 2005 17:40:48 -0000 Using mail.app on a Mac or Entourage... This speakeasy issue is different than the hotmail 550 problem -- probably.
This speakeasy problem should clear up within a few hours (when the cache entry times out). Both IP addresses above have an rDNS now:
»www.dnsstuff.com/tools/ptr.ch?ip···40.77.81
Reverse DNS for 63.240.77.81
Generated by www.DNSstuff.com
Location: United States [City: San Diego, California]
Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 63.240.77.81 is found by looking up the PTR record for
81.77.240.63.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.
How I am searching:
Asking h.root-servers.net for 81.77.240.63.in-addr.arpa PTR record:
h.root-servers.net says to go to epazote.arin.net. (zone: 63.in-addr.arpa.)
Asking epazote.arin.net. for 81.77.240.63.in-addr.arpa PTR record:
epazote.arin.net [192.41.162.32] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 240.63.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 81.77.240.63.in-addr.arpa PTR record:
cbru.br.ns.els-gms.att.net [199.191.128.105] says to go to ns1.itv.att.net. (zone: 77.240.63.in-addr.arpa.)
Asking ns1.itv.att.net. for 81.77.240.63.in-addr.arpa PTR record: Reports sccrmhc11.comcast.net. [from 204.127.193.29]
Answer:
63.240.77.81 PTR record: sccrmhc11.comcast.net. [TTL 10800s] [A=63.240.76.21, 63.240.77.81, 204.127.202.55]
To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.
--
Robb Topolski ;) http://www.funchords.com/ :D Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
1 edit | reply to MrBradTX
Re: [E-mail] Microsoft Hotmail Blocks Comcast Traf
said by MrBradTX :said by scooby :Comcast is generally ranked in the top 3 of the biggest spammers in the US. If true, it's hardly surprising, since they are also ranked in the top 3 ISPs in terms of number of users. That is a lame excuse. Comcast is No.1 in HSI customers, No.3 in spam abuse; SBC is No.2 in HSI customers, No.1 in spam abuse. Right from the gitgo you can see that there is no correlation between size of customer base and spam. There are are 61 entries for Comcast in the Spamhaus list, 91 entries for SBC in the Spamhaus list. Let us break them down:
Comcast SBC
-----------------------------------------------------------------------
Proxified
Residential 25+ 5
Customer
-----------------------------------------------------------------------
ROKSO 17 32
Other 18 54
-----------------------------------------------------------------------
Non Resident Total 35 86
-----------------------------------------------------------------------
Residential Total 25+ 5
-----------------------------------------------------------------------
Grand Total 61 91
HSI provider No.1 Comcast - 7,705,000 subscribers
HSI provider No.2 SBC - 5,968,000 subscribers
»www.leichtmanresearch.com/press/···ase.html
...and here is more subscriber data:
»isp-planet.com/research/rankings···005.html
Now let's do some math. Ratio of ROKSO spammers to total spammers:
Comcast: 17:61, or ~28%
SBC: 32:91, or ~35%
Comcast: 35:61, or ~57.3%
SBC: 86:91, or ~94.55%
Ratio of, presumably (the figures don't detail, but the Spamhau list of assigned IP addresses seems to support) mostly residential customers to total spammers:
Comcast: 26+:61, or ~42.6%+
SBC: 5:91, or 5.5%
One more comparison is in order:
The ratio of Comcast HSI customers to SBC HSI customers: 1.28:1
The ratio of Comcast HSI spam spewing customers to SBC HSI spam spewing customers: 5:1
Any way that you look at it, based on HSI customers, Comcast, which doesn't block outbound port 25, is way ahead of SBC, which does block outbound port 25, when it comes to open proxy spam from infested residential customer computers. So stop blowing smoke about how Comcast leads in spam abuse because they lead in customer base.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| said by NormanS :The ratio of Comcast HSI spam spewing customers to SBC HSI spam spewing customers: 5:1 Any way that you look at it, based on HSI customers, Comcast, which doesn't block outbound port 25, is way ahead of SBC, which does block outbound port 25, when it comes to open proxy spam from infested residential customer computers. So stop blowing smoke about how Comcast leads in spam abuse because they lead in customer base. I like that Comcast doesn't block port 25. I connect to an outside server every day, and I haven't done anything wrong. To me, this is a big deal.
Comcast does block port 25 for compromised systems. It's whack-a-mole, to be sure, but it works without punishing customers who run AV, keep their systems patched, don't download crap, and usually run with minimum system privileges.
--
Robb Topolski  http://www.funchords.com/  Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
scooby
Premium
join:2001-05-01
Schaumburg, IL | reply to mbnva
Norman you are forgetting T1 customers. SBC has a huge lead in the number of business customers and those get infected as well. |
|
LeftofSanity
@208.17.x.x | reply to mbnva
Re: [E-mail] Microsoft Hotmail Blocks Comcast Traffic
I dont get the argument on size/spam rank. Maybe more spammers are chsi cust. But the more cust you have, the higher chances for more spammers.
Anyway back on topic, this issue seems to be resolved now. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to funchords
Re: [E-mail] Microsoft Hotmail Blocks Comcast Traf
said by funchords :I like that Comcast doesn't block port 25. I connect to an outside server every day, and I haven't done anything wrong. To me, this is a big deal. Comcast does block port 25 for compromised systems. It's whack-a-mole, to be sure, but it works without punishing customers who run AV, keep their systems patched, don't download crap, and usually run with minimum system privileges. I don't like that I get so damned many connection attempts from unblocked Comcast customers to my MX server. If I didn't have friends on Comcast I'd just block them at the firewall.
You don't need port 25 to use outside servers. I use outside servers that listen on port 465, or on port 587. Port 25 was never intended for email message submission; and the sooner we stop mis-using it, the sooner the spammers won't be able to abuse it.
You gotta be kidding, right? Comcast port 25 blocks are completely ineffective. They go in place for 48 hours, then they are lifted. If the blocked customer actually uses a mail client, they might notice; but I know a lot of people who don't even know what a mail client is. Those who rely entirely on the Comcast web mail service will never know when they get blocked, and, thus, never know that they need to clean their infected systems. Idiots.
said by scooby :Norman you are forgetting T1 customers. SBC has a huge lead in the number of business customers and those get infected as well. Then why aren't they showing up in the Spamhaus stats? Why aren't they showing up in my mail logs. Both the Spamhaus stats, and my mail logs tell me that you are wrong.
said by scooby : reply to mbnva Re: [E-mail] Microsoft Hotmail Blocks Comcast Traffic I dont get the argument on size/spam rank. Maybe more spammers are chsi cust. But the more cust you have, the higher chances for more spammers. You didn't even look at the numbers. There is no correlation to how many customers you have and how much spam you send.
Comcast only has 1.3 times as many customers as SBC. Comcast has 5 times as many compromised customers, with spamming Trojans, as SBC has.
And you haven't seen the end of the spam blocks. Yet.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| said by NormanS :You don't need port 25 to use outside servers. I use outside servers that listen on port 465, or on port 587. Port 25 was never intended for email message submission; and the sooner we stop mis-using it, the sooner the spammers won't be able to abuse it. I wish I had 465 or 587 ... but my outside provider doesn't and won't (I've asked).
But what do you mean about port 25 never being intended for email submission? That's been the port since I've been on the net ... more than 10 years now.
--
Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
BlaZeR2
join:2001-05-28
Taylor, MI
| reply to NormanS
Maybe i am not following this correctly, but you say that Comcast has 5 times as many compromised customers as SBC, but that isn't true. They have 5 times as many compromised RESIDENTIAL customers as SBC. If you include non-residential, SBC has 1.5 times as many compromised customers (overall) as comcast.
Is this correct, or am I misunderstanding something, the thread isn't just about residential customers but customers as a whole? |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| reply to NormanS
said by NormanS :Comcast port 25 blocks are completely ineffective. They go in place for 48 hours, then they are lifted. No, they go into place and stay in place until the customer contacts the abuse dept.. I've seen the letter posted in this forum.
--
Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to BlaZeR2
said by BlaZeR2 :Maybe i am not following this correctly, but you say that Comcast has 5 times as many compromised customers as SBC, but that isn't true. They have 5 times as many compromised RESIDENTIAL customers as SBC. If you include non-residential, SBC has 1.5 times as many compromised customers (overall) as comcast. Is this correct, or am I misunderstanding something, the thread isn't just about residential customers but customers as a whole? I don't even know where you are getting that "1.5 times as many compromised customers". SBC has a large number of commercial spammers who actually pay SBC for connectivity for spamming. Those costumers are not "compromised", they are paying SBC for the privilege of spamming. They comprise roughly 95% of the total spamming reported by Spamhaus as coming from SBC IP addresses. These guys are actually running MTAs on their IP addresses. SBC abuse doesn't do squat about them because they pay enough money that SBC sees them as a revenue stream. You wouldn't want to kill the goose laying the golden eggs, would you? Well, neither does SBC. (Not that I agree with that position; if I were paying the HSI bill here, and not the landlady, I would switch to DSL Extreme, or Speakeasy, in a heartbeat! And tell SBC why I am leaving when I leave. Alas...And I have spent too much time bitching in the SBC private NNTP groups; I have a reputation there, but it isn't the best.)
The "compromised" customers are mostly residential customers; the ones who get the spamming Trojans installed on their computers. About 95% of them would never miss port 25 if it was blocked. The latest crop of them are probably like my Comcast sister, or SBC Yahoo! DSL Service cousin; the former doesn't use an email client, preferring to use the Comcast Web email interface, the latter was happy not to lose his Yahoo! Mail Web access. Neither would ever notice a port 25 block. These make up the bulk of the proxy spam. Comcast has only ~1.3 times as many of these customers, yet ~5 times as many of these customers are spewing spam from the Comcast network.
said by funchords :But what do you mean about port 25 never being intended for email submission? That's been the port since I've been on the net ... more than 10 years now. »www.faqs.org/rfcs/rfc2821.html
This describes the "Simple Mail Transfer Protocol". Mail transfer, as in forwarding email from MTA to MTA until the destination. Unless you are running an MTA, you don't need port 25. The fact that port 25 has been used for message submission up until now doesn't mean that port 25 was always intended for messages submission.
»www.faqs.org/rfcs/rfc2476.html
Dated December, 1998, so it goes back a ways. This describes "Message Submission", as in injecting email into the SMTP session. It has been around long enough that mail administrators should be aware of it. Any mail administrator who refuses to implement RFC 2476 is being a "stubborn ass". It isn't hard to do. It is just, well, not "traditional". Not more than ten years old, to be sure; but not invented yesterday, either. Somebody foresaw the need for authenticated message submission seven years ago; just about two years after the first inkling of trouble with spam. If every email provider used authenticated message submission on port 587, as described in RFC 2476, then proxy spam would be as much a thing of the past as relay spam is now.
As for a provider refusing to implement an RFC; I would recommend them to "RFC Ignorant", for a listing!
»www.rfc-ignorant.org/
And look elsewhere for email service.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| So everyone who accepts submissions on port 25 is RFC ignorant? I think espousing that position is rather ignorant.
What do you think RFC means? There are plenty of RFCs that never 'took.' It is guidance, and I believe in them, but current and prior practice is also guidance.
--
Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
1 edit | I am beginning to feel the way that Dr. Ignaz Semmelweis must have felt...
»inventors.about.com/library/inve···tics.htm
"Current and prior practice" is not always the best practice.
(Or, maybe...Brigadier General Billy Mitchell)
How ironic; the "fortune" that BBR displayed as I was being taken back from posting:
Random fortune (from food)
Sacred cows make great hamburgers.
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
