VPNINLA
@attbi.com | reply to akristov
Use A VPN
If you are working from home you should be using a VPN - especially if you are in the financial services business. |
|
hobgoblin
Sortof Agoblin
Premium
join:2001-11-25
Orchard Park, NY
clubs:
| reply to akristov
Re: They could hire me
akristov showed understanding by posting
"Blocking port 25 is also a problem when say you are a financial advisor and working from home on a rainy day. All email has to be sent using the SMTP server at the financial advisors home office in order that it is archived per NASD rules."
Can you say VPN?
Hob
--
"A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson |
|
djrobx
join:2000-05-31
Valencia, CA | reply to wentlanc
Port 25 is used by BOTH servers AND email clients to send mail to the SMTP server. Such a block would prevent the perfectly legitimate use of using an alternative SMTP server.
--
\\ROB - a part of the SCB local network |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| reply to akristov
said by akristov  :
Blocking port 25 is also a problem when say you are a financial advisor and working from home on a rainy day. All email has to be sent using the SMTP server at the financial advisors home office in order that it is archived per NASD rules.
For sensitive financial information, shouldn't the connection be running over SSL or a VPN anyway? Both will get around a port 25 block. |
|
akristov
join:2001-01-31
Tampa, FL
clubs: | reply to natter
Blocking port 25 is also a problem when say you are a financial advisor and working from home on a rainy day. All email has to be sent using the SMTP server at the financial advisors home office in order that it is archived per NASD rules. |
|
dead_node
@on.ca
| reply to keyboard5684
keyboard5684... according to RFC standards, relaying mail thru a domain is not permitted. you are only allowed to use the 'local transport agent', i.e. the SMTP server that is located on your domain. i might also add that it is also against RFC to run a public mail system on a dhcp address.
besides... its pretty easy to set up a pop or imap account to download from a remote site, and send out locally.
i work for an isp that does block port 25. we are not huge like comcast, but because of the speeds we offer [9mbps/1mbps] its very easy for a user to pump out a ton of spam VERY quickly [i had the joy of shutting down a spammer on friday  ]. when we did not have port 25 blocked, we had so many spam complaints that we had difficulty getting thru them all in one day. now, with port 25 blocked, we can better tell who is intentionally sending spam, and our workload in regards to spam is much lower. its also alot easier to tell who is intentionally spamming, and who is infected with the latest virus.
another thing that systems really shoud look at doing is checking ALL incoming connections to the mail server. doing this alone makes sure that the mail system contacting you is legit. |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| reply to natter
While I don't normally advocate changes that will effectively reduce the level of service I've grown accustomed to . . . in this case port 25 blocking is the ONLY answer to a continued increase in Comcast blacklisting.
Comcast is increasingly being seen as ineffective in policing their own network, and downright "spam friendly" by some. The reports of increasing blocks of large amounts of Comcast IP space by the likes of AOL, Earthlink & Mindspring are just a portent of worse days ahead, if Comcast doesn't do something to establish a trust with those networks who are doing the blocking. Port 25 blocking sends that "trust" message, and effectively communicates to the rest of the internet that they do, in fact, take abuse of the internet seriously.
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
b1gdr3
I Blame Your Mother
join:2001-07-28
Pittsburgh, PA | reply to kpatz
Blocking port 25 makes the most sense. Don't have to educate tard customers that way. I fully support blocking port 25.
--
I wasn't born with enough middle fingers. |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA | reply to natter
I agree... unless you have a business account (with a static IP), port 25 should be blocked for outbound to anywhere except your ISP's SMTP servers |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| reply to quibbly
said by quibbly :
1) When a system if found to be infected with a trojan/virus/worm or considered open relay or in any form, relaying spam, have the persons Internet provider cut off their internet access. When the end user calls and states their internet isn't working, the ISP tech support will already have a note and can informing the customer of the problem. The tech support can help the end user fix the problem.
Comcast appears to have an abuse department that either;
•Does not care
•Is so understaffed that they cannot possibly address the current problems
•Is "micro-managed" by upper management to the point that they are not empowered to make termination decisions
•All of the above
The abuse@ mailbox is often full and bounces complaints sent to it, and the postmaster@ address is non-existant . . . a direct violation of RFC2142.
Without an efficient and effective abuse department who reads and acts upon abuse complaints, any and all measures to clean up their network will fail.
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
quibbly
Premium
join:2003-02-07
Sugar Land, TX
| reply to kpatz
A cure to help stop spam and virus infected system
My two cents, but here is a simple solution to help stop SPAM and virus/worm infected systems.
1) When a system if found to be infected with a trojan/virus/worm or considered open relay or in any form, relaying spam, have the persons Internet provider cut off their internet access. When the end user calls and states their internet isn't working, the ISP tech support will already have a note and can informing the customer of the problem. The tech support can help the end user fix the problem.
2) Make every high speed user required to have a firewall (hardware) in place.
3) If on dialup, a software firewall installed.
4) If a large amount of spam comes from other countries, block that country until they fix the problem on their end.
All the above would stop all the infected systems, in turn, this will help speed up the internet. Number 1 would probably be one of the hardest because this will require all ISP's to become a little more organized and liable for their actions. Also, it would be great if the government could mandate all the above.
The key would require better communication from ISP to ISP, then from ISP to end user.
I for one receive a large amount of SPAM from Comcast. They seem to have the most unsecured systems around, or it could be they are making money off the systems and do not want to decrease their revenue.
Again, this is just my two cents. The solutions are simple, but in this day and age, simple seems to be the hardest thing to do.
Quibbly |
|
wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH
| reply to KUppiano
Hosting a mail server from a residential account is not a legitimate service that is being provided to you on your residential account. You are getting that service by violating the TOS/AUP. Since you are not paying for that service in the first place, you are out nothing if they block it.
puritan |
|
TimSpencer
join:2001-05-18
Arvada, CO
 ·Comcast
| reply to jsouth
In theory that makes perfect sense. In practice, paying for Comcast's Small Biz package does nothing for you. No static IP, can't run a server, I'm still using the same hardware I was on the residential side. All I'm getting for the addition $40/mo is a quicker response time if my circuit goes down.
--
"Don't think Meat, it can only hurt the ballclub." - Crash Davis |
|
technick
Premium
join:2000-12-16
Loganville, GA
| reply to Jeremy341
said by Jeremy341 :
said by natter :
How do you use non-standard ports for email? Other servers won't look at 28 or something.
Other servers won't, but a hosting company can set their servers so that they accept mail on port 28 from their customers. It's a very simple thing to do, and I'd do it for my customers in a second if anyone needed it.
That is the easy way of solving a problem, but it will cause more problems than it solves. I do not use my isp's mail personally for many facts, I prefer my own mail server as I can customize it, set other rules, and basically be the boss.
Maybe something like by default they block those ports on a per customer bases by default, and you can call in and have them remove those blocks.
--
AMD 2500, 1024 MEG PC 3200, 180 GIG HDD, MSI KT4 Ultra Board, MSI GEFORCE 4 TI 4600»www.streamfire.net/portfolio |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| reply to ki1o
said by ki1o :
I have a reason, I have my own domain email address and I use to use Comcasts smtp servers for my domain email until some isps blocked Comcasts smtp servers for "spam complaints". One example is, about every two months, when I tried to send email to my grandparents on webtv, the email would bounce back with "spam complaints."
Unfortunately, that solution has its own set of problems. I found out the hard way that some systems don't like this arrangement.
I tried sending a test message from Yahoo to my main email address. When it arrived, I found that Spamassassin had tagged it as being sent from a machine listed in SORBS. Upon further investigation, I determined that the SORBS-listed machine was my RoadRunner IP, listed in SORBS list of dynamic IP space. If I sent the same message through the RR SMTP server, Spamassassin didn't tag it. My IP appeared in the headers in both cases.
As far as I can tell, Spamassassin noticed that the Yahoo message was sent directly from my IP to Yahoo's server (via Yahoo web mail) without going through RR's SMTP. It interpreted this as an attempt at direct-to-MX spam from a dynamic IP, and flagged the message. In my case, this meant a small increase in the message's spam score. If my mail provider was simply bouncing suspected spam, the message wouldn't have gotten through at all.
So even though you don't use Comcast's SMTP, you still have an interest in the spam problem getting fixed. If it continues at the current rate, I wouldn't be surprised to see mail administrators start rejecting messages that have comcast.net anywhere in the headers. I know I'm getting damn close to setting my account to do just that. |
|
wheelzoff
join:2001-02-14
Irving, TX
clubs:
1 edit | reply to kpatz
That could be it too, with the millions of subscribers they have, they would definitely lose some cash getting rid of the many many infected users. Plus the cost of actually finding and removing them.
--
"The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis. |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| reply to wheelzoff
said by wheelzoff :
The more I think about it, it seems they aren't even hoping it goes away, they just don't care about the spam problem.
Could be they don't want to lose the revenue stream they get from the spammers on their network. |
|
wheelzoff
join:2001-02-14
Irving, TX
clubs: | reply to wheelzoff
The more I think about it, it seems they aren't even hoping it goes away, they just don't care about the spam problem.
--
"The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis. |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
1 edit | reply to ki1o
Blocking ports to stop infected boxes from sending spam is like putting a bandaid on an infected sore - it masks the symptom but doesn't solve the problem.
Comcast has crappy email servers, and we'd be forced to use them if they block 25. What would be next, blocking 53 so we can only use their crappy DNS servers? Only allow port 80 to comcast.net? We don't need access to the rest of the web.  Think about it.
As I said, I would switch to DSL in a heartbeat if they ever pull this sort of crap. |
|
ki1o
Premium
join:2001-04-12
Atlanta, GA
| reply to natter
said by natter :
They need to block 25. No reason you can't use thier smtp servers.
I have a reason, I have my own domain email address and I use to use Comcasts smtp servers for my domain email until some isps blocked Comcasts smtp servers for "spam complaints". One example is, about every two months, when I tried to send email to my grandparents on webtv, the email would bounce back with "spam complaints." Then I would have to contact Comcast and eventually (after they stopped playing the blame game) get them to contact webtv to get off the spam list. After a month or two later I could send email to webtv again. Then two months later, the same "spam complaint" problems started again.
If I still used Comcast smtp servers, over half of my friends and family wouldn't be able to receive any of my emails. Now I use my domains smtp server which lets me send up to 50 emails a day for free. The most emails I send in an average day is about 10 or less.
--
Boycott The RIAA |
|
