Comcast Admits Their Zombie Problem
from the biggest-spammers-on-the-net dept
People have been talking about the problems of zombie machines spewing spam for a while. One of the biggest issues is how to get the broadband providers to do something about it, and to help stop the flow of spam from the computers of users who have no idea they’re sending out spam. One of the biggest targets in this discussion is Comcast – who, by their sheer size in the market, appears to have the most subscribers with compromised machines. In fact, last week, they admitted that they were, technically, “the biggest spammer on the internet.” They say that Comcast users send out 800 million messages a day – and 700 million of them are spam from zombie machines. Many have complained that Comcast hasn’t taken the situation seriously, but that seems to have changed lately. Over the last few months they’ve been a lot more proactive in letting subscribers know that their machines have been taken over – but it still takes a while, and end-users who end up getting cut off are often not savvy enough to understand what’s happening or how to fix it. One potential solution is to block port 25 – something that many other ISPs do – but Comcast has rejected that plan, knowing that the complaint and support costs would be overwhelming. Instead, it sounds like they’ve come up with a fairly creative method of dealing with the problem. They’re going to monitor overall usage, and if they become aware of a problem, they will remotely adjust only that user’s modem to block port 25. While this may still cause an occasional headache for some users, the overall impact should be much lower, and the non-tech-savvy zombie-fied customer will have the problem they didn’t know about solved without them knowing about it as well.
Comments on “Comcast Admits Their Zombie Problem”
Creative Solution Doublespeak
Instead of blocking port 25 they’ve decided to block port 25 instead.
Re: Creative Solution Doublespeak
It’s the where they are blocking that is different, not the what they are blocking.
Re: Re: Creative Solution Doublespeak
It’s actually the “who” not the what 🙂
Re: Creative Solution Doublespeak
uh… blocking all port 25s is quite different than just blocking those that are causing problems.
Intercept SMTP traffic
Just as many ISPs transparently intercept outbound TCP/80 traffic and force all browser clients to use a caching proxy unless the user opts out, Comcast could intercept all outbound TCP/25 traffic from the average dynamic IP customer pools and force connections through a dedicated pool of “customer” SMTP relay servers.
This would allow automated detection and selective blocking of zombies, along with virus scanning, rate limiting, and other controls.
Customers who want to run their own mail servers would be upset, as would users who want to send email through authenticating SMTP servers at their employer or email provider. (For the latter, the smart customers will use SSL encrypted SMTP on TCP/465.)
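An added example, not part of the comment above and not Comcast's actual system: one way the automated detection and selective port 25 blocking discussed on this page could be driven, by counting how many distinct mail servers each subscriber contacts on TCP/25 within a sliding window. The flow-record format, window length, threshold and modem names are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding window
MAX_DISTINCT_DESTS = 20  # assumed limit; a desktop mail client talks to one or two relays


def find_zombie_candidates(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DESTS):
    """flows: time-ordered (epoch_seconds, subscriber_id, dst_ip, dst_port) tuples.

    Returns {subscriber_id: time_first_flagged} for subscribers that contacted
    more than `limit` distinct hosts on TCP/25 within `window` seconds.
    """
    recent = defaultdict(deque)  # subscriber -> (ts, dst_ip) for TCP/25 only
    flagged = {}
    for ts, sub, dst_ip, dst_port in flows:
        if dst_port != 25:
            continue  # authenticated submission (465/587) is not counted
        q = recent[sub]
        q.append((ts, dst_ip))
        while q and q[0][0] <= ts - window:
            q.popleft()  # drop connections that fell out of the window
        if sub not in flagged and len({ip for _, ip in q}) > limit:
            flagged[sub] = ts  # candidate for a per-modem port 25 block
    return flagged


def build_sample_flows():
    """Constructed flow records using documentation address ranges."""
    flows = []
    # modem-A: ordinary user sending a few messages through a single relay
    for t in (0, 30, 90):
        flows.append((t, "modem-A", "192.0.2.10", 25))
    flows.append((45, "modem-A", "198.51.100.7", 465))
    # modem-B: direct-to-MX delivery to 40 different hosts in 40 seconds
    for i in range(40):
        flows.append((100 + i, "modem-B", f"203.0.113.{i + 1}", 25))
    # modem-C: heavy use of an employer's server over TCP/465, never port 25
    for i in range(40):
        flows.append((100 + i, "modem-C", "198.51.100.7", 465))
    return sorted(flows)


if __name__ == "__main__":
    for sub, ts in find_zombie_candidates(build_sample_flows()).items():
        print(f"block TCP/25 for {sub} (flagged at t={ts})")
```

Only modem-B is flagged here; the other two subscribers keep port 25 open, which is the difference between a blanket block and a per-modem one.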