botted hosts

> Unblocking on customer request is an expensive operation, for both the
> ISP and the customer.

> And they frequently assume that network operations changes are
> free---Comcast reported that it would cost $58 million to implement port
> 25 blocking and notify customers, just for Comcast.

Anyone can come up with a number to convince themselves that they don't
need to do the 'right thing'. Comcast is probably using Docsis. Docsis
makes applying filters on a per user basis pretty darn easy.

Thats not the only thing they have to do. They have to (probably)
  1) change the user service agreements
  2) notify users of upcoming change several times
  3) alter docsis on networks in hundreds of cities.
  4) Staff additional support to handle calls.
  5) lose business because many people want to send email to the
server of their choice.

AOL blocks outbound 25.

They've said this for many years, but I have hundreds of AOL addresses
that have tried to abuse our relays. Maybe they do in some places, but not

Aug 6 2003 Trace 1638

This sort of attempted open relay abuse stopped only after the open relay
blacklists shutdown in late 2003.

Indeed, after about a year of complete quiet, abuse just started up again
about mid March, but not as strong as before: Very few hosts, very few
nets. Pretty lame, really, in comparision with the old days. All from
Korea, and China targeting Korean ISPs, and one from Uruguay targeting
Uruguayan ISP. Pretty definitely mailbombing by some open relay zealots
or script kiddies, who probably pass themselves off as anti-spammers.

It was interesting because I first got wind when some bounces were
recieved from a Korean open relay. I got them because they were forged av8
with mailbombing?