Seen the Comcast Spamhaus SBL listings lately?

Author	All Replies
newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD 1 edit	Seen the Comcast Spamhaus SBL listings lately? Five were added today, to bring the total to 28. »www.spamhaus.org/sbl/listings.la···cast.net The listing for SBL14535 pretty much says it all . . . quote: Comcast Hall of Shame What an ugly scene... Comcast is the #1 mail sender by domain as seen by Senderbase, its estimated daily outbound e-mail volume more than the next two domains combined: »www.senderbase.org/ Now, there's nothing wrong with that, in and of itself, as long as it's not unsolicited bulk e-mail. But looking at the mail sources at Comcast, only the first six are customer outbound mail servers. The rest are simply customer IPs, almost certainly broadband end-users with trojaned peecees, and the next six are each mailing at nearly the same magnitude as the customer outbound servers: »www.senderbase.org/?searchString···y=domain And what does Comcast do about that? Do they diligently scan their network for open proxies? Monitor traffic flow? Seek the feedback of spam reports, and act on them? Quarantine infected hosts immediately to stop the damage while the machine is disinfected? No! They simply ignore it for days...weeks...months...on end: Virus-infected machines are a huge source of spam, and they need to be stopped one-by-one. The moment such a compromised peecee is detected, it needs to be firewalled from the internet. Then its owner can disinfect thoroughly and completely, get a complimentary scan from their ISP, and not go back online until it passes muster. »www.spamhaus.org/sbl/sbl.lasso?q···SBL14535 Does Comcast really think this situation is going to continue to go unaddressed by the rest of the internet? The magnitude of spam coming from Comcast is more than the entire email volume of some small countries. I really think that Comcast is heading toward an Internet Death Penalty. -- The Rules of Spam \| Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket?
	to forum · permalink · · 2004-02-27 20:26:52 ·
newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD	Unbelievable . . . quote: The top five are listed here, with their SpamCop reporting histories: # SBL14535 24.0.102.160 reported ~9740 times by ~940 users; sending mail for at least 59.4 days. # SBL14536 24.2.242.2 reported ~7530 times by ~460 users; sending mail for at least 32.4 days. # SBL14537 24.3.159.40 reported ~8860 times by ~760 users; sending mail for at least 59.4 days. # SBL14538 24.3.13.54 reported ~8030 times by ~560 users; sending mail for at least 46.4 days. # SBL14539 68.85.78.212 reported ~7620 times by ~400 users; sending mail for at least 29.4 days. 41,780 spam reports on just 5 Comcast IPs . . . and they're still up and spewing spam. I don't blame AOL, Mindspring, Earthlink or any other ISP for blacklisting Comcast. -- The Rules of Spam \| Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket?
	to forum · permalink · · 2004-02-28 01:13:59 ·
Cleric4 join:2002-03-31 00000 1 edit	reply to newview »apnews.excite.com/article/200402···R01.html Feb 16, 1:35 PM (ET) By ANICK JESDANUN NEW YORK (AP) - Next time you're looking for a culprit for all that junk mail flooding your inbox, have a glance in the mirror. Spammers are increasingly exploiting home computers with high-speed Internet connections into which they've cleverly burrowed. E-mail security companies estimate that between one-third and two-thirds of unwanted messages are relayed unwittingly by PC owners who set up software incorrectly or fail to secure their machines. David Lawrence, 43, owns such a computer, which turned into a "spam zombie" when a virus infected it in October. Five or six spammers were using his cable modem to remotely send pitches for products like Viagra and boosters for cell phone signals. "Spammers and the people who write these viruses ... is their life so void that they feel they have to mess up other people?" said Lawrence. "To me, it's criminal." The self-employed businessman from Tifton, Ga., said he learned of his computer's culpability when his Internet service got suspended. "I called to find out what was going on because I knew I had the bill paid," he said. Lawrence is by no means alone. Hundreds of thousands of computers worldwide have been infected by SoBig and other viruses that are programmed to spawn gateways, known technically as proxies, to relay spam. Though Lawrence had antivirus software, he hadn't kept it updated. It's ironic to the president of the security Web site myNetWatchman.com, Lawrence Baldwin, that those afflicted by spam are also often its couriers. "That's further encouragement, justification for taking responsibility for your own system," said Baldwin. "If you don't, you can be part of the very problem you're complaining about." Any Internet-connected computer could be running a proxy spam relay, but most of the malicious programs are written specifically for PCs that run Windows. In the past, some spammers had sought out and exploited Internet-connected computers with misconfigured networking software. The latest and growing threat is code purposely written to create spam relay proxies as it is spread by malicious viruses. "It's just going to get worse," said Ken Schneider, chief technology officer at spam-filtering company Brightmail Inc. "Traditionally, virus writers were driven more by reputation and trying to impress each other. Now there's an economic motive." Just last week, a proxy program called Mitglieder began installing itself on computers infected by last month's Mydoom outbreak, said Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Finland. He said such programs can also sneak in if computer owners fail to install patches to fix known Windows flaws. The shift in spamming methods even prompted the Federal Trade Commission to issue a consumer alert last month. The advisory encouraged consumers to use antivirus and firewall programs and to check "sent mail" folders for suspicious messages. Others say home users should also keep their Windows operating systems up to date by visiting .»windowsupdate.microsoft.com "If your computer has been taken over by a spammer, you could face serious problems," the FTC advisory wrote. "Your Internet Service Provider (ISP) may prevent you from sending any e-mail at all until the virus is treated, and treatment could be a complicated, time-consuming process." In the early days, spammers sent out junk messages directly from their machines. ISPs easily found them and closed their accounts. Spammers then looked for so-called open relays. These are typically mail servers at ISPs, often in Asia or South America, carelessly configured so that anyone on the Internet can send mail through them without needing a password. The relays make messages appear to have come from an ISP, not the spammer. But ISPs and anti-spam activists soon identified many of the open-relay machines and either pressured their owners to stop or blocked messages from them. Stymied by a more concerted effort by ISPs to lock down their Internet mail servers, the spammers turned to the less vigorously protected home machines. They are abundant and simple to find. Spammers can cover their tracks and become virtually untraceable. "It pains me to say it, but it's very clever of the spammer to have thought of this, getting legitimate PCs to send spam on their behalf," said Andrew Lochart, director of product marketing at e-mail security company Postini Inc. Steve Atkins, chief technology officer at the anti-spam consultancy Word to the Wise LLC, said some ISPs continue to be plagued by open-relay techniques, but spammers generally don't bother with them anymore because it's so much easier to have success with home machines. Where much of the spam previously flowed through China, South Korea, Brazil and other countries whose ISPs left many relays open, it's now being hastened by a North American trend: more high-speed cable and DSL connections at home. Such proxies are especially frustrating for ISPs to identify and block, said Mary Youngblood, abuse team manager at EarthLink Inc. (ELNK) She said some stay open only for a few hours and disappear by the time ISPs catch on, while newer ones reconfigure themselves constantly like chameleons on a single machine. The more versatile the open proxy, the longer it takes to isolate. John Levine, co-author of "Fighting Spam for Dummies," said the proliferation of proxies could force ISPs to take such measures as limiting how many messages a customer can send in a given time period. In the meantime, ISPs are often being forced to cut off their own customers. "As a customer, to have someone just arbitrarily shut me off, that would more than mildly displease me," said Walt Wyndroski, network operations manager for CityNet, which had shut down Lawrence. "We try to think from the customer's standpoint, but we also have to look at the larger view of the health of the network itself."
	to forum · permalink · · 2004-02-28 10:39:37 ·
newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD	Criminals . . . quote: »Uncovered: Trojans as Spam Robots c't has gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers. The spammers use the infected systems to illegally distribute commercial e-mail messages -- without the knowledge of their owners. Furthermore, the network of trojans forms a powerful tool which the distributors of the viruses can use to, for example, launch distributed DoS attacks. By not locating and shutting down these trojaned boxes, Comcast is facilitating criminal abuse and providing spam support. -- The Rules of Spam \| Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket?
	to forum · permalink · · 2004-02-28 10:55:38 ·
CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX ·RoadRunner Cable	reply to newview Actually in most ways I agree.. Comcast (all ISP's) need to get better at addressing spammers in their ranks.. But this is a little aside to that.. Seems like they want ot set cookies here »www.spamhaus.org/sbl/listings.lasso?is.. and if you don't let them they send you to the NSA site... kinda funny huh...
	to forum · permalink · · 2004-02-28 13:31:56 ·
PDXracer Premium join:2002-08-13 Grants Pass, OR clubs:	reply to newview I already cant send to some addy's as they have blocked Comcast IP's because of the constant spam.
	to forum · permalink · · 2004-02-28 14:00:17 ·
ddietrich join:2002-02-22 Longmont, CO	reply to newview There are bigger offenders Comcast really needs to deal with this problem but rr.com, pacbell.net, uu.net and verizon.net are worse.
	to forum · permalink · · 2004-02-28 17:51:19 ·
oldTDNickell Premium join:2000-12-19 Federal Way, WA	IF they can ID the address why don't they shut them down? -- Terry D.
	to forum · permalink · · 2004-02-28 17:57:04 ·
Varangian join:2002-12-08 Collinsville, IL	reply to newview Re: Seen the Comcast Spamhaus SBL listings lately? I smell a rat it would be in comcast's interest to stop the spam...unless of course they were getting direct payments to allow it.
	to forum · permalink · · 2004-02-28 18:20:31 ·
ssj4android Redefining Reality join:2002-04-14 Wyoming, MI	reply to newview And attbi.com is still fourth, and that doesn't include any official mail servers.
	to forum · permalink · · 2004-02-28 18:34:24 ·
newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD	said by ssj4android : And attbi.com is still fourth, and that doesn't include any official mail servers. Attbi.com has 4 Spamhaus SBL listings . . . but the last one listed was today, 2/28/04, and a "Virus infected PC" to boot. It appears that Spamhaus is going to begin listing attbi.com as diligently as they have begun listing Comcast. »www.spamhaus.org/sbl/listings.la···ttbi.com -- The Rules of Spam \| Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket?
	to forum · permalink · · 2004-02-28 18:47:43 ·
newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD	reply to newview said by newview : Unbelievable . . . quote: The top five are listed here, with their SpamCop reporting histories: # SBL14535 24.0.102.160 reported ~9740 times by ~940 users; sending mail for at least 59.4 days. # SBL14536 24.2.242.2 reported ~7530 times by ~460 users; sending mail for at least 32.4 days. # SBL14537 24.3.159.40 reported ~8860 times by ~760 users; sending mail for at least 59.4 days. # SBL14538 24.3.13.54 reported ~8030 times by ~560 users; sending mail for at least 46.4 days. # SBL14539 68.85.78.212 reported ~7620 times by ~400 users; sending mail for at least 29.4 days. 41,780 spam reports on just 5 Comcast IPs . . . and they're still up and spewing spam. I don't blame AOL, Mindspring, Earthlink or any other ISP for blacklisting Comcast. Just an update to show the increasing complaints rate on each of the 5 IPs. Spamhaus comments are not updated in real time, but SpamCop's are, so checking each IP reveals . . . # SBL14535 24.0.102.160 reported ~11180 times by ~970 users # SBL14536 24.2.242.2 reported ~7580 times by ~460 users # SBL14537 24.3.159.40 reported ~9470 times by ~800 users # SBL14538 24.3.13.54 reported ~8330 times by ~600 users # SBL14539 68.85.78.212 reported ~8450 times by ~460 users So now we have a total of 45,010 spam complaints on just these 5 Comcast IPs. This is an additional 3230 complaints in just over 24 hours. I think Comcast is dev/nulling SpamCop reports. They certainly aren't acting upon them. -- The Rules of Spam \| Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket?
	to forum · permalink · · 2004-02-29 22:25:33 ·


Friday, 27-Nov 12:19:54	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF