What is the current status of Comcast to block smtp port 25? Is there a plan in place to do this system wide soon?
I've been reading some stats and it seems that Comcast has the highest percentage of SPAM of any ISP (by a long shot). As much as I hate the port 25 blocks, there are workarounds. It would seem that this would be the right thing to do for the internet in general.
At this time, there are no plans to implement a port 25 block across the network. This decision may change in the future but for now there are no plans. We do have a team investigating techniques to help reduce spam without having to block entire ports or other services.
First, the current Hotmail issue is caused by a virus on the MSN side, not because of a misconfigured Comcast SMTP server. And the earlier incident in October ended up being caused by a change that Hotmail/MSN implemented which was blocking more than just Comcast.net email servers.
Next, I assure you that the Comcast executives are concerned that spam originating from the Comcast domain is at a high level and they are doing everything possible to help reduce this without having to take away services and features such as the use of port 25.
> While this current Hotmail issue is from a
> misconfigured Comcast smtp server, previously it was
> because of a Comcast server that was blacklisted from
> too much SPAM.
Even if this were true, a port 25 block wouldn't have prevented it. Connections to the Comcast server still would have to be allowed. A general port 25 block will only block connections to everywhere *other* than the Comcast servers.
> First, the current Hotmail issue is caused by a virus
> on the MSN side, not because of a misconfigured
> Comcast SMTP server. And the earlier incident in
> October ended up being caused by a change that
> Hotmail/MSN implemented which was blocking more than
> just Comcast.net email servers.
Don't be too sure. I am reading some threads on BBR and it seems mail is indeed getting through to Hotmail if it's not sent through Comcast. One guy seemed to think it was a Hotmail receiving smtp server with an overzealous rule. Turns out that another poster pointed out a badly configured Comcast smtp server. See this thread: http://www.dslreports.com/forum/remark,14608673~days=9999~start=40
> Don't be too sure. I am reading some threads on BBR
> and it seems mail is indeed getting through to
> Hotmail if it's not sent through Comcast. One guy
> seemed to think it was a Hotmail receiving smtp
> server with an overzealous rule. Turns out that
> another poster pointed out a badly configured Comcast
> smtp server. See this thread:
> But what do I know? lol
I don't think it would be created by a virus on their side, I think they added some filtering based on preventing the virus and it's affecting Comcast's smtp servers.
But yes, that thread does show some Comcast dumbness that -might- or might not be involved in this.
I don't want port 25 blocking. I think Comcast is right-on-the-money here. I pay for internet access, not internet filtering. Filtering is my responsibility.
I see there is even more proof on Comcast culpability on that thread now.
I remember when I was on Cox over three years ago and they started port 25 blocking. I was PO'd then. Especially when I couldn't find any other ports to use. Things are different now. I have Comcast configured to use an alternate port now so I wouldn't even notice a port 25 block. I am on the fence with this issue. From my perspective it doesn't affect me whether they block port 25 or not. Most users don't even use an email client anyway so it would make no difference to the masses either. And fwiw most ISPs have now started blocking port 25 anyway. I like what Norman suggested, block all but let me unblock it if asked for me.
Now if Comcast had some way to effectively shut down all these zombie systems then go for it. As it is now one of the side effects is watching for too many recipients on a distribution list.
I pay for internet access like you but at the same time I dislike the SPAM. And, as has been the case in the past at times, Comcast's smtp servers get blacklisted for sending out too many SPAM messages. While you or I may be able to filter out SPAM we cannot filter out what goes through Comcast's smtp servers. Blocking port 25 seems like the best course of action as long as other ports are available.
> I have Comcast
> configured to use an alternate port now so I wouldn't
> even notice a port 25 block. I am on the fence with
> this issue. From my perspective it doesn't affect me
> whether they block port 25 or not. Most users don't
> even use an email client anyway so it would make no
> difference to the masses either.
You seem to be confused about how a port 25 block would work. Comcast customers, those connected to the Comcast network as subscribers, and using the Comcast mail servers, would still be able to leave their clients set to send mail on port 25. The block wouldn't change that at all.
A port 25 block would only prevent you from connecting to an external mail server, i.e., a mail server other than smtp.comcast.net. That's what spammers do - they physically connect to the Comcast network, but pump out their spam through some unsuspecting mail server outside the Comcast network, where Comcast can't directly control the flow.
That's why you can't send an email to 10,000 people at once - the Comcast mail servers prevent you from doing so. But you could use your Comcast connection to send that same email if you used some other mail server. That's what a port 25 block would prevent.
Well you're right of course. A Comcast user using a Comcast IP would be able to send using port 25. Guess I did kinda mistype that. For me I use Yahoo (Yahoo Mail Plus) as my default smtp server. So from that perspective I would not notice a port 25 block because I use an alternate port to send them through. That's also why I never have been bothered with these email delivery issues with Comcast. This is starting to remind me of the old @Home days and their email problems. Then it was receiving that was an issue, here it's delivery.
To Barmar, depends on just what the current problem is. If you go read that thread on DSLReports you can see that Comcast does indeed have a/some misconfigured smtp servers. It is looking less and less like a virus issue. Now as far as blocking ports, because Comcast has not blocked port 25 yet, they are allowing a butt load of SPAM to get through because of Open Proxies that allow zombied computers or others to spit out SPAM through port 25. The port 25 blocks are designed to NOT allow sending of messages through any Comcast server unless they are part of the Comcast IP space. As it is now anyone can send email through a Comcast smtp server.
To me it's the lesser of two evils. Hopefully Comcast will get a handle on this soon.
My sources (i.e. the Comcast abuse team which has spoken directly with the MSN/Hotmail team) report that this current email issue is being caused by a virus issue on the MSN/Hotmail side. These same sources have also stated that the similar issue that occurred in October was related to an MSN/Hotmail spam filter change that caused Comcast and some other ISPs to have email destined for MSN/Hotmail be rejected (Cox and Rogers are some of the few I saw similar issues being reported).
The source you are pointing to on the BBR thread does not claim to be either an MSN/Hotmail or Comcast employee so I have to say that their information is based on speculation. Thus, while it is believable that a misconfigured email server could cause this type of email rejection issue, I am being told by my sources that this is not the cause of the current MSN/Hotmail - Comcast email issue.
Well I take it that you didn't read the threads for yourself then. They posted the smtp server issues for everyone to see. I don't see how it makes a difference whether they are or are not MSN or Comcast employees. From what was posted you can indeed see that Comcast does indeed have a server issue. From what is being posted the email reject is coming from the Comcast server and not the MSN/Hotmail servers.
But don't take my word for it. ;-)
Well it's kinda getting off thread now. But from the way I understand things this would appear to indeed be a Comcast issue and not Hotmail. Here's why. If I attempt to send a message to a Hotmail recipient I get an immediate reject with this message:
"The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'my firstname.lastname@example.org'. Subject 'Testing email delivery', Account: 'Comcast Mail (my acct name)', Server: 'smtp.comcast.net', Protocol: SMTP, Server Response: '550 permit denied', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79"
That is not a delivery failure notice but a Comcast smtp submission server refusing to even accept the message for delivery. So is the Comcast server set to simply reject any email with a hotmail recipient? This appears that Comcast isn't even trying to deliver the message. That seems to me to be a Comcast problem and not MSN/Hotmail.
Now I don't pretend to know all the ins and outs of email inner workings and maybe there is a simple explanation. Perhaps MSN asked Comcast to stop sending email to them. ;-)
> That is not a delivery failure notice but a Comcast
> smtp submission server refusing to even accept the
> message for delivery. So is the Comcast server set
> to simply reject any email with a hotmail recipient?
Yes, it is, and Jason1 has explained why. Comcast had to start rejecting all messages for MSN/HM to keep their mail servers from being overwhelmed. Please re-read my "truck accident" analogy if you still don't get it. The truck accident is at MSN/HM. Comcast is the state trooper, closing the entrance ramps. It's an MSN/HM problem.
> This appears that Comcast isn't even trying to
> deliver the message. That seems to me to be a
> Comcast problem and not MSN/Hotmail.
Same response. The complete block is simply Comcast's way of fending off a bigger disaster.
What we are saying is that Comcast has put in a temporary block on all emails that are destined for MSN/Hotmail. This means that if you use the Comcast email servers to send an email to either MSN or Hotmail, the Comcast SMTP server will reject it and send you back the 550 Permit Denied message. This is intentional and is being done by Comcast because if we were to continue collecting all of the emails destined for MSN/Hotmail, we would have run out of disk space by queueing these messages for MSN/Hotmail, which would have negatively affected email delivery to other domains.
This block was put in place by Comcast because the MSN/Hotmail servers were no longer accepting emails or were taking an excessively long time to respond to our mail servers.
This block by Comcast is temporary and will be removed once we receive confirmation from MSN/Hotmail that the issue is resolved and once we verify that our email queues to MSN/Hotmail are decreasing in size.
I see that now Jason. I was just reading the pinned thread about the issue. Once I got far enough in the threads it finally became clear of why Comcast is blocking messages to MSN/Hotmail. I understand fully. I just wonder why it took so long for someone to just say that. Blocking email to them makes perfect sense. However the earlier explanations just said it was because of a Virus. Seems to me someone should have just said we are blocking all messages until further notice to prevent any other problems.
Sorry to take up your time. You do good work here.
And to Early Out, I have just read of the Comcast blocks.
> And to Early Out, I have just read of the Comcast
This is why some of us seem to go nuts when the same subject is being discussed in half-a-dozen different threads. We're not all singing from the same songbook, and folks miss stuff they need to know about!
Personally, I'm lobbying for a return to tin cans and string....
> To Barmar, depends on just what the current problem
> is. If you go read that thread on DSLReports you can
> see that Comcast does indeed have a/some
> misconfigured smtp servers. It is looking less and
> less like a virus issue. Now as far as blocking
> ports, because Comcast has not blocked port 25 yet,
> they are allowing a butt load of SPAM to get through
> because of Open Proxies that allow zombied computers
> or others to spit out SPAM through port 25. The port
> 25 blocks are designed to NOT allow sending of
> messages through any Comcast server unless they are
> part of the Comcast IP space. As it is now anyone
> can send email through a Comcast smtp server.
You're still confused.
Comcast's servers are already configured to only allow mail from Comcast customers. You have to either come from Comcast IP space, or use SMTP authentication to provide a Comcast account and password.
As has been explained in other posts, a port 25 block prevents customer machines from connecting directly to external SMTP servers -- it forces them to go through a mail submission service (either Comcast's or someone else that they have permission to use). It's good for stopping zombies, but does nothing about mail sent through the Comcast servers, so it would not prevent Comcast's servers from being blocked by other ISPs.
Comcast already has other measures in place to make it hard for customers to send spam through the mail server. Each message is limited to 100 recipients, and a customer IP is only allowed to send 20 messages in a short period of time (customers who operate legitimate mailing lists can notify Comcast and get these limits raised).
Yes remember this was typed before it was admitted that Comcast was indeed rejecting mail to hotmail addy's.
Yep this port blocking stuff always flusters me. Actually it's outbound port 25 that gets blocked right? This prevents anyone on Comcast IP space to access any outside smtp server going through port 25. Other ports however are available. That's why these Comcast smtp server issues never bother me. I use alternate.
So why does Comcast rate so high on the SPAM sending scale? So many zombied systems? Why is Comcast one of the last major ISPs to NOT block this port? I'd prefer to not see it blocked but as I mentioned in another post I guess it's the lesser of two evils.
I do like learning in situations like these. Good inputs from several users. Some just get on a tangent. And fwiw I am a Comcast supporter although their customer support could be better.
I'd say Comcast is remiss in not blocking port 25 and in not attempting to identify and eliminate Spam Cannons.
I suspect the issue is one of resources, and that instead of adding staff and technologies to address the Comcast spam cannons, Comcast management instead deflects suggestions by discounting the effectiveness of the port blocking strategy.
> I suspect the issue is one of resources, and that
> instead of adding staff and technologies to address
> the Comcast spam cannons, Comcast management instead
> deflects suggestions by discounting the effectiveness
> of the port blocking strategy.
Initially, they'd also have to dedicate some resources to carving out exceptions to the port 25 block, particularly for their business customers.
Ultimately, of course, some up-front work could yield a bigger pay-off down the road, by reducing the load on the network, reducing the time they spend squabbling with other ISPs about being blocked as spammers, and so on. Sadly, American business these days is not known for taking a view beyond the current fiscal quarter.
> I wonder but does Comcast have any alternate smtp
> ports that our email clients can use now?
To repeat, as long as you're connected to Comcast's network, and routing your email through smtp.comcast.net, your client can continue to use port 25, even with a so-called "port 25 block" in place. It would have no effect on your email client.
And of course, if you want to use SSL, you can use port 465.
> To repeat, as long as you're connected to Comcast's
> network, and routing your email through
> smtp.comcast.net, your client can continue to use
> port 25, even with a so-called "port 25 block" in
> place. It would have no effect on your email
> And of course, if you want to use SSL, you can use
> port 465.
I was wanting to test a theory using an alternate port besides 25!
It's WAYYYY past time to implement port 25 blocking.
I suspect that Comcast has a LOT of their business customers' IPs mixed in with the IPs handed out to cable modem users. Hence, blanket port 25 blocking would block them also. I cannot think of any other reason why this was not implemented a loooong time ago.
I'll say it again that I really appreciate that Comcast hasn't blocked port 25 connections to off-network IPs like many of the other ISPs have.
I pay for internet access, not internet filtering. If I wanted a filtered internet, there are other services that I could use (like AOL, among many others).
However, I know that Comcast is under customer and industry pressure to block outbound port 25 connections. While I'd rather have no blocking at all, I know that Comcast might be forced into a business decision eventually.
So, should this happen, I would like to recommend that Comcast handle this in the same way that they handle heavy e-mail senders ... that any restriction is something that can be lifted on an account-by-account basis by customer request.
> So, should this happen, I would like to recommend
> that Comcast handle this in the same way that they
> handle heavy e-mail senders ... that any
> restriction is something that can be lifted on an
> account-by-account basis by customer request.
Given the way that Comcast's business customers use their connections, they'll have to provide for case-by-case exceptions. I just hope that if they do block port 25, they'll be willing to grant exceptions to residential users, as well as business users. Most of us wouldn't need it, but those who do, really do!
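The two separate controls this thread keeps untangling, as an added example that is not part of any post and not Comcast's configuration: `egress_allowed` models an outbound port 25 block with per-account exceptions, and `Relay.accept` models the relay-side checks (Comcast IP space or SMTP authentication, 100 recipients per message, 20 messages per client IP). The addresses, the 600-second window and the reply strings are assumptions made for the sketch.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed values (documentation address ranges), not real Comcast data.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")   # subscriber IP space
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}        # stands in for smtp.comcast.net
EXEMPT = {ipaddress.ip_address("198.51.100.77")}         # block lifted on customer request
MAX_RCPTS = 100      # per-message recipient limit quoted in the thread
MAX_MSGS = 20        # per-IP message limit quoted in the thread
WINDOW_S = 600       # assumption: the thread only says "a short period of time"


def egress_allowed(src, dst, dport):
    """Network-edge decision for an outbound TCP connection."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in CUSTOMER_NET or dport != 25:
        return True            # only subscriber traffic to port 25 is in scope
    if dst in ISP_RELAYS:
        return True            # the ISP's own relay stays reachable on 25
    return src in EXEMPT       # direct-to-external SMTP only for exempted accounts


class Relay:
    """Relay-side checks, independent of the network-edge block."""

    def __init__(self):
        self.sent = defaultdict(deque)   # client IP -> times of accepted messages

    def accept(self, client_ip, authenticated, rcpt_count, now):
        """Return a constructed SMTP-style reply for one message at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        if ip not in CUSTOMER_NET and not authenticated:
            return "550 relaying denied"
        if rcpt_count > MAX_RCPTS:
            return "452 too many recipients"
        recent = self.sent[ip]
        while recent and now - recent[0] >= WINDOW_S:
            recent.popleft()             # forget messages outside the window
        if len(recent) >= MAX_MSGS:
            return "450 rate limit exceeded"
        recent.append(now)
        return "250 ok"
```

The edge filter stops a compromised subscriber machine from reaching external mail servers on port 25 but never sees mail handed to the relay, so only the relay's own limits apply to that path.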