Comcast has taken some heat for the amount of spam generated by its broadband customers, many of them "zombies" who are unaware that their systems have been hijacked by spammers. But Comcast appears to be taking a somewhat heavy-handed approach to solving the problem, suspending or threatening to suspend accounts in cases where there is little no evidence the customer is actually infected.
One Comcast customer reported recently that his ability to send e-mail was suspended for 48 hours because he was sending too much e-mail for Comcast's taste. After sending one fairly large batch of messages, the reader suddenly found himself blocked from sending any further e-mail. A notice from Comcast directed him to a FAQ page on Comcast's website that explained "we are temporarily (for a period of 48 hours) suspending e-mail accounts on any infected customers generating abnormally high outbound e-mail traffic. Doing so will give our customers notification about the situation, so they can adequately protect and repair their computers."
The reader however was able to establish that his system was not infected. "I run Mac OS X and do not have any viruses or worms," he wrote. He spoke with Comcast customer service to convince them of this, but was told he would have to wait out the 48 hours in any case. "There was no advance notice of this policy change, and there is no definition of what 'abnormally high outbound e-mail traffic' means. They have previously implemented other spam blocking measures such as a limit on the number of recipients per e-mail message and a limit on the messages that can be sent per SMTP session. And everybody's still seeing lots of spam from Comcast users anyway."
Another reader reported receiving an e-mail notifying her that the Comcast Network Abuse and Policy Observance team had "confirmed that your computer has been involved in attempted virus propagation, an activity that is in violation of the Comcast Terms of Service Agreement. The reporting parties have provided logged information, which identifies the IP address ... was one that was assigned to your computer at the date and time in question." The message went on to say that she should take steps to secure her system and that failure to respond to the message could result in the suspension of her account.
But the reader -- a long-time correspondent whom I know to be very security conscious -- is about as certain as one can be that the virus did not actually come from her system. "We told Comcast that since we have a router, regularly updated anti-virus software and a firewall that inspects all of our outgoing e-mail messages as well as the incoming ones, it's very unlikely we 'propagated viruses,'" she wrote. "We asked them to send us the full header demonstrating that any infected messages actually came from our IP address, but they have not responded. My guess is that someone sent a complaint to the Comcast abuse address on the basis of the 'From:' line showing one of our e-mail addresses, without looking at the header information. Either the Comcast software turned this forward automatically into a violation without inspection by a human being, or the message was looked at by a Comcast employee who doesn't understand how to read the header information."
The reader's experience with Comcast over the years makes her think it would be all too typical for them to employ abuse specialists who don't bother to read the real header information. "Comcast has already demonstrated to us that they have no real customer service," she wrote. "By their treatment of customers as nuisances who should pay them without asking for anything resembling the normal service one would expect from an ISP, Comcast has been making it very clear that they want people to pay them for Internet access but don't want to earn that money by employing knowledgeable people. They seem more interested in making false accusations than they are in really protecting their customers from IP spoofing attacks."
Read and post comments about this story here.
9:48:40 AM 
|
