By Will Sturgeon, 10 May 2005 10:35
NEWS One million Telewest customers have been blacklisted for sending spam by one of the most powerful anti-spam organisations on the web.
The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many anti-spam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.
Last month silicon.com revealed that some of Telewest's blueyonder.co.uk home users were sending hundreds of thousands of emails each day - a sure sign of an open relay, pumping out spam.
At the time, Matt Peachey, MD of IronPort, whose Senderbase system revealed the extent of Telewest's spam problem, told silicon.com: "The ISPs know they're spamming but they're reluctant to put things in place which block mail. With ISPs it's not about what comes into their networks, it's about what goes out."
Despite such apparent warnings a spokesman for Telewest told silicon.com the company believes SPEWS' actions have been "a little heavy-handed".
And IronPort's Peachey is inclined to agree. Peachey told silicon.com: "I'm not surprised this has happened but I am surprised at the number of IP addresses which have been blacklisted."
Peachey says there are around 17,000 IP addresses on the blueyonder.co.uk domain which are pumping out spam - yet the SPEWS blacklisting applies to more than 900,000.
"This is why blacklists are so problematic," said Peachey. "There will be a lot of people who are blacklisted who have been doing absolutely nothing wrong."
However, Telewest is holding back from any further criticism of SPEWS.
"We have to let them get on with what they do and concentrate on our own game," the spokesman added. He accepted Telewest must take some responsibility for the situation reaching such a crisis point but said "it's an industry issue which every ISP suffers".
The Telewest spokesman told silicon.com: "We're doing our best to contact customers and we are talking them through physically cleaning up their PCs."
"Later this year we are launching a very comprehensive security package for our customers including a free firewall, free anti-spam and free antivirus," he added.
Currently Blueyonder.co.uk is the ninth in the Senderbase list of email generating domains - only two places behind Hotmail and two ahead of AOL.com.
According to Senderbase, blueyonder.co.uk addresses are generating 90.4 million emails per day. The company confirmed it has around 700,000 customers, with up to date figures due for release this Thursday.
Comments
There are 9 comments. Join the discussion
1. Jim Whitaker
Well done SPEWS.
2. anonymous
Can I sue SPEWS for DNS - if they are stopping my emails reaching the people I send them to.
Yes I realise their action is aimed at getting Telewest to deal with the problem.
Being a Telewest broadband customer I have been experiencing many probes trying to access my computer.
So, yes Telewest should advise customers sending SPAM, that their systems are infected.
However, a better approach for Telewest may be to identify and chop the source of the 'probes' that are being sent to try and get control of my system.
I would suggest redirecting identified SPAM to those sources but, under current law, that would probably make Telewest liable to prosecution for DNS activities
Finally, thank you; No I don't want any more spam or intrusion attempts
3. Ken Munn
Despite being a Blueyonder customer, I applaud the decision. But what about some much worse offenders out there. Isn't it time to shut them down too? Kornet, Comcast, RR, Bell, ATT et al.
4. anonymous
We do have Telewest narrowband in our area. We do in fact have analogue cable TV from Telewest & when our TV picture became unwatchable I discovered the reason. They have been trying to convert the network in this area to digital & have of course trashed the analogue service. They are 'threatening' to make the somewhat overpriced & capped Blueyonder cable broadband available here in a few months time. So thank you for the warning SPEWS & Silicon.com. By the way I rang Telewest to ask about the problem & predictably the answer was that, quite bluntly they could not care less. Obviously the 1,000,000 or so affected customers were of no consequence.
5. Nikki
Finally - some action is being taken! I haven't received spam from blueyonder.co.uk addresses but I've had several instances of browsing the internet and my firewall detecting intrusion from Telewest blueyonder.co.uk IP addresses attempting to infiltrate my machine and deposit trojans.
6. anonymous
Punish the Innocent? NO, its wrong!
I'm sorry, but to block 900,000 users because 17,000 might be sending spam is just wrong. Let's extend this practice a little shall we, there are lots of spammers in the US, let's block all their domains as well. right, who's next?
This is a knee jerk reaction from a dated, ineffective system. Reactive database blocking systems just do not work. I suggest that these people need to invest in an up-to-date system that employs current techniques to identify and block spam.
I'm not a telewest subscriber, if i was, i would be suing SPEWS for this blatant DDOS attack on my service.
Cure the problem not the symptom!!
7. Dave Brockless
SPEW must be employing my old schoolteachers: "Until the guilty ones own up, you're all staying after school!"
8. anonymous
Retired Consultant says "somewhat overpriced & capped Blueyonder cable". Well, I live in the Telewest SE area (ex- Eurobell) that's being upgraded. The conversion to Digital TV from Analogue is FREE. There is also a 3 (Tel line, TV & cable modem) for £30 a month deal offered. Doesn't look overpriced to me.
9. anonymous
About time!
The only way ISP's ever address the problem of SPAM from PC's/ servers within their IP address range is by this happening
Yes, innocent people get hurt, but frankly you can bet your bottom dollar that Telewest will get their fingers out and finally really address the issue
And as for the crap from the spokesman saying that they were contacting the clients who were infected - why not just disconnect them and let them contact you - I thought that was standard proceedure these days!