Comcast Blocked Gustavus Email

Here is a little story about why spam sucks, and why computer security is important.

Over the weekend I received an email because one of our users got an error message when trying to send an email to a family member. That family member had a comcast.net email address. The error message from Comcast’s mailserver was this:

host gateway-a.comcast.net[204.127.225.26] said: 550
138.236.128.241 blocked by ldap:ou=rblmx,dc=comcast,dc=net -> BL003 Blocked
for spam. Please see
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18627 (in
reply to MAIL FROM command)

So I followed the link in the error message and it says that email from our mailserver (138.236.128.241 in this case) is being blocked because it had sent spam to their mailserver in the past. Lower down on that page there is a link for getting off their block list. I followed that link, filled out their form and then took a look at our mailserver logs.

It looks like Comcast started blocking our email on December 14th at about 11:15pm. Other than that, I have no real clue from Comcast as to why they started blocking us. My educated guess is that a computer on campus was infected with a virus or spyware and had sent enough spam to Comcast users to get us blocked. The main reason I say that is earlier in the week we had discovered an infected computer and blocked it from our network; however, it was not completely clean and it started sending spam again. We blocked it a couple more times but each time it was connected to our network it was able to send out a couple hundred emails before we detected and stopped it.
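An added example (not from the original post) of the two log checks this paragraph describes: finding when a remote server first answered with the 550 block, and spotting an on-campus client that submits a burst of mail. The log lines are constructed in Postfix syslog style, which is an assumption since the post does not name the mail software; the hostnames, queue IDs, 192.0.2.x client addresses and the default year are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in Postfix syslog style (assumed format; the post
# does not name the MTA). Client hosts and queue IDs are placeholders.
BOUNCE = ("status=bounced (host gateway-a.comcast.net[204.127.225.26] said: "
          "550 138.236.128.241 blocked by ldap:ou=rblmx,dc=comcast,dc=net -> "
          "BL003 Blocked for spam. (in reply to MAIL FROM command))")
SAMPLE_LOG = f"""\
Dec 14 22:58:01 mail postfix/smtpd[2101]: 4A1B0: client=office-pc[192.0.2.20]
Dec 14 23:01:10 mail postfix/smtpd[2102]: 4A1B1: client=lab-pc[192.0.2.10]
Dec 14 23:01:40 mail postfix/smtpd[2102]: 4A1B2: client=lab-pc[192.0.2.10]
Dec 14 23:02:05 mail postfix/smtpd[2102]: 4A1B3: client=lab-pc[192.0.2.10]
Dec 14 23:02:30 mail postfix/smtp[2200]: 4A1B1: to=<a@comcast.net>, status=sent (250 ok)
Dec 14 23:15:02 mail postfix/smtp[2201]: 4A1B2: to=<b@comcast.net>, {BOUNCE}
Dec 14 23:20:45 mail postfix/smtp[2202]: 4A1B0: to=<c@comcast.net>, {BOUNCE}
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
CLIENT_RE = re.compile(TS + r" \S+ postfix/smtpd\[\d+\]: \w+: client=\S*\[(?P<ip>[\d.]+)\]")
BLOCK_RE = re.compile(TS + r" \S+ postfix/smtp\[\d+\]: \w+: .*status=bounced .*said: 550 .*[Bb]locked")

def parse_ts(ts, year):
    # Syslog timestamps omit the year, so the caller supplies it.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def first_block(log, year=2000):
    """Earliest time a remote host answered '550 ... blocked', or None."""
    hits = [parse_ts(m["ts"], year) for m in map(BLOCK_RE.match, log.splitlines()) if m]
    return min(hits, default=None)

def burst_senders(log, limit, window=timedelta(minutes=10), year=2000):
    """Map client IP -> peak submissions in any `window`, for peaks >= limit."""
    seen = defaultdict(list)
    for m in filter(None, map(CLIENT_RE.match, log.splitlines())):
        seen[m["ip"]].append(parse_ts(m["ts"], year))
    peaks = {}
    for ip, times in seen.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peaks[ip] = max(peaks.get(ip, 0), end - start + 1)
    return {ip: n for ip, n in peaks.items() if n >= limit}

if __name__ == "__main__":
    print("first block:", first_block(SAMPLE_LOG))
    print("burst senders:", burst_senders(SAMPLE_LOG, limit=3))
```

The sample uses a limit of 3 so the tiny log triggers it; on a real server the limit would be set well above a normal desktop's sending rate.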

So, on Sunday morning, less than an hour after I filled out the form on Comcast’s website, I got an email back from them. In short it said that we had been removed from their block list. No further explanation, no example of spam we had sent, nothing. Oh well. At least I can give them credit for a very fast response. Especially considering it was on a Sunday morning and not the typical business hours.

So, let this be a lesson to all those users out there who don’t care about security, don’t patch your machine right away, or don’t remove spyware. If your computer becomes infected and sends spam, our entire email system may get blocked and your email might not get through. Now in this case the user with the infected computer was very cooperative, but I frequently hear people say that they don’t care if their computer is infected since nothing valuable is stored there.

As a result of all of this, we will need to make a few changes to our email system that we wanted to do anyway, just not as soon. Our plan is to require authentication on all outgoing email that originates from on campus just like we do with all email originating from off campus. That should stop this spam for a little while until they find the ways around that too.

