One million Telewest customers have been blacklisted for sending spam by one of the most powerful anti-spam organisations on the Web.
The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many anti-spam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.
Matt Peachey, managing director of IronPort, the security firm whose Senderbase system first revealed the extent of Telewest's spam problem, told ZDNet UK sister site silicon.com: "The ISPs know they're spamming but they're reluctant to put things in place which block mail. With ISPs it's not about what comes into their networks, it's about what goes out."
Despite such apparent warnings a spokesman for Telewest said the company believes SPEWS' actions have been "a little heavy-handed".
And Peachey is inclined to agree. "I'm not surprised this has happened but I am surprised at the number of IP addresses which have been blacklisted," he said
Peachey says there are around 17,000 IP addresses on the blueyonder.co.uk domain which are pumping out spam — yet the SPEWS blacklisting applies to more than 900,000.
"This is why blacklists are so problematic," said Peachey. "There will be a lot of people who are blacklisted who have been doing absolutely nothing wrong."
However, Telewest is holding back from any further criticism of SPEWS.
"We have to let them get on with what they do and concentrate on our own game," the spokesman added. He accepted Telewest must take some responsibility for the situation reaching such a crisis point but said: "It's an industry issue which every ISP suffers."
The Telewest spokesman said: "We're doing our best to contact customers and we are talking them through physically cleaning up their PCs."
"Later this year we are launching a very comprehensive security package for our customers including a free firewall, free anti-spam and free antivirus," he added.
Currently Blueyonder.co.uk is the ninth in the Senderbase list of email generating domains — only two places behind Hotmail and two ahead of AOL.com.
According to Senderbase, blueyonder.co.uk addresses are generating 90.4 million emails per day. The company confirmed it has around 700,000 customers, with up-to-date figures due for release this Thursday.
Talkback
You have to wonder how many of the blocked addresses belong to their Business Customers and if these people have a recourse under their Service Level Agreement. Their Residential customers on the other hand have no come back at all.
If business customers have a right to recourse under an SLA then surely the ISP has the right to block them from their network for being so wide open!
Putting in a decent firewall, content filtering gateway and anti virus protection isn't that difficult.
Send them a letter or e-mail saying that their internet access will be cut off then cut them off and see how quickly they respond!
IWhat I meant was, are there any Business customers being blocked because of the lack of security on Residential Customrer's machines. Remember Blueyonder does not give out fixed IP addresses.
How do we know if we, as a Blueyonder customer, have been blacklisted, or have all Blueyonder customers been blaclisted since IP's are not fixed?
I have only once been troubled by spam on Blueyonder. However on a Lineone account, I am inundated, mostly originating from AOL,BT or Hotmail, previously so on a BT account.
I am unaware of any originating from Blueyonder, but it may be so.
Does this situation explain why, at times, it's difficult/impossible to retrieve email from Blueyonder.
If BY are allowing outbound SMTP connections from customers' machines rather than enforcing the use of their relay, they deserve all they're getting. There is no other defensible position.
I use Blueyonder and have noticed that the amount of Spam I noe recieve has dropped significantly. However, I have noticed a number of e-mails bouncing back to me with no reason given. I hope I have not been blacklisted as I have been using Norton Firewall and Antivirus for years and it is always fully updated.
Scanning inbound mail, whilst useful, is rather like shutting the stable door after the horse has bolted.
If all mail service providers scanned outgoing mail for spam/viruses etc and returned all such e-mail to their client's e-mail address or blocked their user access until their system was clean, people would soon wake up to the fact that unless they take the security of their PC's seriously, they will simply hand over control of their machines to criminals.
It would also be preferable if all Internet Connections were assigned unique, tamper proof IP addresses, which displayed with all e-mail. This would enable recipients and their ISP's to block e-mail originating from particular IP addresses as opposed to attempting to block addresses which have invariably been spoofed.
So you're saying that Home users aren't allowed smtp servers?