900,000 ISP customers blacklisted

More than 900,000 customers of U.K. Internet service provider Telewest have been blacklisted by one of the most powerful antispam groups on the Web.

The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many antispam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.

Last month, Silicon.com revealed that some of Telewest's Blueyonder.co.uk home subscribers were sending hundreds of thousands of e-mails each day--a sure sign of an open relay, pumping out spam.

At the time, Matt Peachey, a managing director of IronPort, whose Senderbase system revealed the extent of Telewest's spam problem, told Silicon.com: "The ISPs know they're spamming, but they're reluctant to put things in place which block mail. With ISPs, it's not about what comes into their networks; it's about what goes out."

Despite such apparent warnings, a representative for Telewest told Silicon.com the company believes SPEWS' actions have been "a little heavy-handed."

IronPort's Peachey is inclined to agree. "I'm not surprised this has happened, but I am surprised at the number of IP addresses which have been blacklisted," he said.

Peachey said about 17,000 IP addresses on the Blueyonder.co.uk domain are pumping out spam, yet the SPEWS blacklisting applies to more than 900,000.

"This is why blacklists are so problematic," Peachey said. "There will be a lot of people who are blacklisted who have been doing absolutely nothing wrong."

However, Telewest is holding back from any further criticism of SPEWS.

"We have to let them get on with what they do and concentrate on our own game," the representative said. He accepted that Telewest must take some responsibility for the situation reaching such a crisis point but said "it's an industry issue which every ISP suffers."

The Telewest representative said: "We're doing our best to contact customers, and we are talking them through physically cleaning up their PCs."

"Later this year we are launching a very comprehensive security package for our customers including a free firewall, free antispam and free antivirus," he added.

Currently Blueyonder.co.uk is the ninth in the Senderbase list of domains generating e-mail--two places behind Hotmail and two ahead of America Online.

According to Senderbase, Blueyonder.co.uk addresses are generating 90.4 million e-mails per day. The company confirmed it has around 700,000 customers, with updated figures due for release on Thursday.

Will Sturgeon of Silicon.com reported from London.

[hadaso]

Giving users free software is not enough!

Giving users free software is not enough!

What ISPs should do is monitor for outgoing mail in large quantities going directly out of PCs or through their servers. Monitor their servers for exceptional bounce rates fromspecific users, scan outgoing email for spam, or at least sample outgoing email using automatic tools, and then automatically increase sampling when suspisious behaviour is found.

But most important: they should make subscribers aware that there are possible problems, that these problems may affect both their own computers and other people's computers, and that good security measures are important both as self protection and as responsible citizenship (netizenship), and they should promise the subscribers that they will alert them when there's trouble and help them resolve it.

The two most important things here are awareness and trust: subscribers should be aware of the possible problems, and trust their ISP both to tell them when something's wrong and to help them resolve the problem.

[System Tyrant]

Spam Blacklist

It goes to show that blacklist don't really work that well. You aren't going to stop spammers by blacklisting an IP address. What you really achieve is angering 900,000 users who are victims of spammers.

I believe if things don't change those who use the services of spam blacklisters are going to feel the sting of a backlash. It really comes down to the ISP though. They need to monitor their users without being intrusive.

The funny thing about blocking IP addresses and not domain names is that the spammer just moves to another server that isn't blocked while those on the blacklisted IP continue to suffer.

The amount of "colateral damage" done by blacklist services is going to become unacceptable at some point (if it already isn't) then what are we going to do?

[My-Self]

Blacklist worked well ...

If the ISP decided to let the situation worsen to the point where 17000 of their IP are sending spam, then there is a major problem. By blacklisting them, SPEWS forced them to take action, and since they know they're guilty as charged, they don't even complain.
May that be a lesson for all other ISP who neglect to take preventive measures so that their network does not become a major spamming platform.

[Razzl]

Blacklists work, focus on the real culprit

There are any number of major isp's out there who are taking appropriate measures to keep their customers from becoming spam zombies--customers of those who aren't should direct their ire at their isp, not at the blacklist. Blacklisting shuts off the zombies from that source and makes the isp correct the problem. Focus on the real culprit here, which is the isp, not on the blacklist, which is part of the medicine that cures the problem.