North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Abuse procedures... Reality Checks

  • From: Frank Bulk
  • Date: Wed Apr 11 21:53:25 2007

It truly is a wonder that Comcast doesn't apply DOCSIS config file filters
on their consumer accounts, leaving just the IPs of their email servers
open.  Yes, it would take an education campaign on their part for all the
consumers that do use alternate SMTP servers, but imagine how much work it
would save their abuse department in the long run.


-----Original Message-----
From: Frank Bulk 
Sent: Wednesday, April 11, 2007 5:10 PM
To: '[email protected]'
Subject: Re: Abuse procedures... Reality Checks

On Tue, Apr 10, 2007 at 07:44:59AM -0500, Frank Bulk wrote:
> Comcast is known to emit lots of abuse -- are you blocking all their
> networks today?

All?  No.  But I shouldn't find it necessary to block ANY, and wouldn't,
if Comcast wasn't so appallingly negligent.

( I'm blocking huge swaths of Comcast space from port 25.  This shouldn't
really surprise anyone; Comcast runs what may well be the most prolific
spam-spewing network in the world.  I saw attempts from 80,000+ distinct
IP addresses during January 2007 alone -- to a *test* mail server.
I should have seen zero.  The mitigation techniques for making that
happen are well-known, have been well-known for years, and can be
implemented easily by any competent organization.)

This, by the way, should not be taken as indicative of either what
I've done in the past or may do in the future.   Nor should it be
taken as indicative of what decisions I've made in re other networks.