By silicon.com, 10 May 2005 17:20
Neither side involved in the blacklisting of almost one million Telewest users has covered itself in glory.
The Spam Prevention Early Warning System (SPEWS) has been accused of using a bulldozer to crack a nut. By blocking all Telewest IP addresses, the anti-spam group has certainly blocked the guilty parties. But with those believed to number just 17,000 addresses, it means there are around 900,000 innocent IP addresses on that list which are unable to send email to addresses whose own spam controls reference the SPEWS blacklist.
However, whatever the issues with blacklists, it goes without saying that one million pissed off customers is a strong catalyst for effecting change. And Telewest is working on that change right now.
Telewest may be right in calling the actions of SPEWS "heavy-handed" but it certainly highlights the need for ISPs to take greater action.
And there is not really any getting away from the fact that Telewest has been incredibly remiss in monitoring the traffic which has been leaving its network.
It is frankly absurd that Telewest has been sending more email than AOL, and that this situation was allowed to go on to the point where SPEWS thought it essential to get involved. Telewest can't have thought it plausible that home broadband users on its blueyonder.co.uk addresses were sending hundreds of thousands of emails each day.
At some point those charged with monitoring such traffic must have noticed these figures.
Senderbase.org certainly had, as exposed on silicon.com last month.
It's even more incredible to consider that the bulk of this email was being generated by just 17,000 IP addresses.
It keeps coming back to that number.
SPEWS is wrong to blacklist the other 900,000 or so machines but Telewest is even more culpable for allowing those 17,000 to operate unchecked for any length of time.

Comments
There are 7 comments.
1. anonymous
SPEWS doesn't block anything and anyone who thinks its way of listing IP addresses is wrong should not use it to block mail (few commercial sites will use it to block).
SPEWS maintains a list of IP addresses controlled by ISPs who are in the habit of hosting spammers or spam support software.
2. Simon
Demon customers have just suffered the same problem with AOL who have blacklisted all Demon addresses - though they do allow for a whitelist.
As the article points out, the ISPs concerned really should take some of the blame, and it would not take too much imagination to severely impact on the spam problem. I believe it only requires a few steps, none of them overly onerous or disruptive to customers:
1) The ISP blocks all outgoing mail from its customers other than through its own relays.
2) Once it has done this, then it can implement monitoring/controls at its mail relays to detect spam and take action to block it.
These two actions would effectively make the ISP's customers unable to send spam, and what's more, they would not even be noticed by 99% of their customers.
3) They would have to allow an opt-in, on request, to allow customers with fixed addresses to have the outgoing mail block lifted. This would have to entail the customer signing something to say that they understand the issues, won't run an open relay, etc, etc. Since spammers aren't going to give their details (especially postal address) away, then they aren't going to use this to allow them to spam - and if they did, their address would get blocked PDQ.
What we need is for more ISPs to seriously attack the issue, and put pressure (via blacklisting) on any that don't. It won't stop the problem, but we can sure as hell make life more difficult (ie more expensive) for the spammers.
3. CMylod
On the previous comment: forcing users to go via the ISP's relays is a no-no. A default block on own relays might work but it loses one of the main benefits of Internet access. Better still is to push ISPs to give a damn: monitor port 25 traffic and act swiftly to terminate any spam-linked traffic. But giving a damn costs, they'd rather hope the whole issue went away. SPEWS and mass denials tilt the balance towards giving a damn, even at the cost of short-term pain.
Ultimately it's up to legislation and court fines to pinch the spam weed.
4. anonymous
Telewest deserves everything that hits them between the eyes.
Spamming, by its nature, is clearly the theft of an inexpensive resource to do tremendous damage to millions upon millions of users who in the main are unwitting victims. On that basis, I'm completely in favor of blacklists that combat the spammers' economic leverage by holding providers fully responsible for what goes out of their networks. When this works the way it is supposed to work, the stupidest, laziest and greediest of providers end up paying big for their dishonesty. The 900,000 complainants are just what Telewest earned by their behaviour, and I sincerely would wish that all 900K of those aggrieved users would call Telewest's help lines at one time, jam them and crash them.
As a user, I too get inconvenienced. My provider, XO/Concentric, is about as spammy as they come - not only do I get gobs of spam, some of it comes from other XO addresses which clearly are not forged. Other IPs in my own modem dialup pool regularly scan ports on this old machine - XO users trolling for XO victims, it seems to me.
XO gave its users a spam filter only about a year ago. Whoopee.
In the end: If anything hinders spammers, increases their costs of doing business; fines, harasses or jails them, I'm completely for it. Let there be more of this. Please.
5. Simon
CMylod wrote: "On the previous comment: forcing users to go via the ISP's relays is a no-no."
Please go back and re-read what I posted - including action item 3!
"A default block on own relays might work but it loses one of the main benefits of Internet access."
Like I said, 99% of an ISP's customers wouldn't even know as they send their mail through their ISP's relays anyway. Thus blocking their outbound SMTP would block the spam and not affect them at all.
But I would NOT support any ISP that did this without a mechanism for allowing outbound SMTP to those that want it.
The best place to deal with spam is at the source - and if the action by SPEWS forces this (and other ISPs) to take notice, and take action, then I have to support it - even if it does cause (temporary) problems for a few.
6. anonymous
Obviously, Telewest is paying more attention to what its staff are doing rather than the customers. Corporate responsibility they call it.
7. Mike W
It *must* be easier to kill spam upstream, by an ISP monitoring a user's traffic, than once it has got out.
ISPs should not automatically enable all ports to new users, but should subsequently allow the ports to be enabled as required.
This would avoid port-scanning and RPC exploits on naive users, and block outgoing SMTP from infected PCs as well.
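
The controls proposed in comments 2, 3 and 7 (outbound port 25 restricted to the ISP's own relays, an opt-in exemption for fixed-address customers, and volume monitoring at the relays), sketched as an added example that is not from the article or any commenter. All addresses, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed values: RFC 5737 documentation ranges and assumed thresholds.
ISP_RELAYS = {ip_address("192.0.2.25"), ip_address("192.0.2.26")}
CUSTOMER_NET = ip_network("198.51.100.0/24")
OPTED_IN = {ip_address("198.51.100.7")}   # step 3: customers who asked for the block to be lifted
DIRECT_HOST_LIMIT = 3                     # distinct mail servers contacted directly
RELAY_DAILY_LIMIT = 500                   # messages per customer per day via the relays

def egress_decision(src, dst, dport):
    """Step 1: may this outbound connection leave the ISP's network?"""
    src, dst = ip_address(src), ip_address(dst)
    if dport != 25 or src not in CUSTOMER_NET:
        return "allow"                    # only customer SMTP is policed here
    if dst in ISP_RELAYS or src in OPTED_IN:
        return "allow"                    # relay traffic, or an opted-in customer
    return "block"

def review(flows, relay_counts):
    """Return {customer_ip: reason} for customers an abuse desk should look at.

    flows: (src, dst, dport) connection attempts seen at the network border.
    relay_counts: {customer_ip: messages submitted through the relays today}.
    """
    blocked = defaultdict(set)
    for src, dst, dport in flows:
        if egress_decision(src, dst, dport) == "block":
            blocked[src].add(dst)
    findings = {}
    for src, dsts in blocked.items():
        # One blocked host is usually a misconfigured mail client; many look like a spam bot.
        if len(dsts) >= DIRECT_HOST_LIMIT:
            findings[src] = f"direct SMTP to {len(dsts)} hosts blocked"
    for src, n in relay_counts.items():
        if n > RELAY_DAILY_LIMIT:         # step 2: monitoring at the relay itself
            findings[src] = f"relay volume {n} over limit {RELAY_DAILY_LIMIT}"
    return findings

# Constructed sample data.
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25),    # ordinary customer using the relay
    ("198.51.100.10", "203.0.113.80", 80),  # web traffic, not policed
    ("198.51.100.7", "203.0.113.9", 25),    # opted-in customer running a mail server
    ("198.51.100.20", "203.0.113.1", 25),   # single blocked attempt
] + [("198.51.100.66", f"203.0.113.{i}", 25) for i in range(1, 5)]  # infected PC
SAMPLE_RELAY_COUNTS = {"198.51.100.10": 12, "198.51.100.30": 4200}

if __name__ == "__main__":
    for ip, reason in review(SAMPLE_FLOWS, SAMPLE_RELAY_COUNTS).items():
        print(ip, reason)
```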