May 10, 2005 7:38 AM PDT

900,000 ISP customers blacklisted

More than 900,000 customers of U.K. Internet service provider Telewest have been blacklisted by one of the most powerful antispam groups on the Web.

The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many antispam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.

Last month, Silicon.com revealed that some of Telewest's Blueyonder.co.uk home subscribers were sending hundreds of thousands of e-mails each day--a sure sign of an open relay, pumping out spam.

At the time, Matt Peachey, a managing director of IronPort, whose Senderbase system revealed the extent of Telewest's spam problem, told Silicon.com: "The ISPs know they're spamming, but they're reluctant to put things in place which block mail. With ISPs, it's not about what comes into their networks; it's about what goes out."

Despite such apparent warnings, a representative for Telewest told Silicon.com the company believes SPEWS' actions have been "a little heavy-handed."

IronPort's Peachey is inclined to agree. "I'm not surprised this has happened, but I am surprised at the number of IP addresses which have been blacklisted," he said.

Peachey said about 17,000 IP addresses on the Blueyonder.co.uk domain are pumping out spam, yet the SPEWS blacklisting applies to more than 900,000.

"This is why blacklists are so problematic," Peachey said. "There will be a lot of people who are blacklisted who have been doing absolutely nothing wrong."

However, Telewest is holding back from any further criticism of SPEWS.

"We have to let them get on with what they do and concentrate on our own game," the representative said. He accepted that Telewest must take some responsibility for the situation reaching such a crisis point but said "it's an industry issue which every ISP suffers."

The Telewest representative said: "We're doing our best to contact customers, and we are talking them through physically cleaning up their PCs."

"Later this year we are launching a very comprehensive security package for our customers including a free firewall, free antispam and free antivirus," he added.

Currently Blueyonder.co.uk is the ninth in the Senderbase list of domains generating e-mail--two places behind Hotmail and two ahead of America Online.

According to Senderbase, Blueyonder.co.uk addresses are generating 90.4 million e-mails per day. The company confirmed it has around 700,000 customers, with updated figures due for release on Thursday.

Will Sturgeon of Silicon.com reported from London.

9 comments

Giving users free software is not enough!

What ISPs should do is monitor for outgoing mail in large quantities going directly out of PCs or through their servers. Monitor their servers for exceptional bounce rates from specific users, scan outgoing email for spam, or at least sample outgoing email using automatic tools, and then automatically increase sampling when suspicious behaviour is found.

But most important: they should make subscribers aware that there are possible problems, that these problems may affect both their own computers and other people's computers, and that good security measures are important both as self protection and as responsible citizenship (netizenship), and they should promise the subscribers that they will alert them when there's trouble and help them resolve it.

The two most important things here are awareness and trust: subscribers should be aware of the possible problems, and trust their ISP both to tell them when something's wrong and to help them resolve the problem.
Posted by hadaso (468 comments )
Spam Blacklist
It goes to show that blacklists don't really work that well. You aren't going to stop spammers by blacklisting an IP address. What you really achieve is angering 900,000 users who are victims of spammers.

I believe if things don't change those who use the services of spam blacklisters are going to feel the sting of a backlash. It really comes down to the ISP though. They need to monitor their users without being intrusive.

The funny thing about blocking IP addresses and not domain names is that the spammer just moves to another server that isn't blocked while those on the blacklisted IP continue to suffer.

The amount of "collateral damage" done by blacklist services is going to become unacceptable at some point (if it already isn't) then what are we going to do?
Posted by System Tyrant (1453 comments )
"Collateral Damage"?
I agree that blacklists are pointless, but who exactly suffers by being put on one? Nobody should be running their own SMTP server for a legitimate reason; use your ISP's. This way spammers will get caught and accounts will be disabled. Since nobody should be running these servers, what exactly is the collateral damage to the "innocent"?
Posted by sanenazok (3449 comments )
Blacklist worked well ...
If the ISP decided to let the situation worsen to the point where 17000 of their IPs are sending spam, then there is a major problem. By blacklisting them, SPEWS forced them to take action, and since they know they're guilty as charged, they don't even complain.
May that be a lesson for all other ISPs who neglect to take preventive measures so that their network does not become a major spamming platform.
Posted by My-Self (242 comments )
exactly
the customers who leave their systems vulnerable end up annoying many other customers. getting blacklisted until they fix their systems is very appropriate.

say some criminal mastermind snuck into your house one day and is sending off mail bombs from your mailbox without you knowing he's even there. the police should be able to barricade your house off until he's ratted out even though you did nothing wrong. "but i don't have to lock my door!!" "no.. but here's a free lock"
Posted by Sam Papelbon (242 comments )
Blacklists work, focus on the real culprit
There are any number of major isp's out there who are taking appropriate measures to keep their customers from becoming spam zombies--customers of those who aren't should direct their ire at their isp, not at the blacklist. Blacklisting shuts off the zombies from that source and makes the isp correct the problem. Focus on the real culprit here, which is the isp, not on the blacklist, which is part of the medicine that cures the problem.
Posted by Razzl (1318 comments )