Neil Turner's Blog

Blogging about technology and randomness since 2002

SPEWS blocks Telewest

SPEWS – the Spam Prevention Early Warning System – has added around 900,000 Telewest IP addresses to its blacklist, according to this BBC News article. I would imagine that this would mean that much of their customer base will be affected by this.
The action seems to be less about protecting users of SPEWS and more about making a statement about Telewest’s poor record on blocking users who have compromised systems which send out junk email. Later on in the article, another source reckons that only 16,000 machines are compromised, which puts the other 884,000 people whose IPs are blocked in a difficult situation and may mean that they find it difficult to send email. I noticed that a couple of regular Telewest-using commenters here both had their IP addresses in SORBS as well.
Telewest really should be doing more about the problem, such as temporarily disconnecting customers whose systems are compromised (as ISPs like PlusNet do) and offering them more help with disinfecting their systems.
It’s quite likely that I’ll be on Telewest next year and based on what I’ve heard about them I’m not really looking forward to it.

10 Comments

  1. Am I one of ’em?? I’ve been with Telewest for THREE years now at university. And I can say I’ve had very few problems. You’re never gonna have no problems, but the problems I’ve had have been sorted out fairly quickly.
    Some things to be aware of though (probably with most ISPs); minimum 12 month contract, which is a bugger if you’re a student. This is PER house. As I found out when we moved and couldn’t carry over the contract period. It restarted back to zero when we changed address.
    Other problems have been with the TV. We’re on the free package and a few times channels such as ITV2 and BBC3 have disappeared. However, this is a problem with the set-top-boxes, not Telewest themselves.
    We started with 1MB three years ago, and now we’re getting 2MB. I know a lot of broadband providers have upped their speeds, but I think Telewest were the first. We were upgraded to 1.5MB then to 2MB for free. That’s nice!

  2. Yes, you are, as is Richard.
    I’m sure some people are fine with them but I know others have had all sorts of problems with them.

  3. Hehe, i saw this article earlier today and wondered to myself how long it would take neil to blog it.
    I’m absolutely fuming, i’ve been a blueyonder customer for years, I was even a dialup customer before they launched broadband (they were quite late to the party originally)
    I can’t even remember a time when there hasn’t been venomous anger from customers on their blueyonder.support.mail newsgroup about being blacklisted in various spam list agencies. It’s been going on for years and teleworst have promised an end to it so many times that i have completely lost faith.
    When it comes to things like this they are completely incompetent. Open ports all over the place, mail servers that go down almost every month. And if you want unmanageable amounts of spam get yourself a blueyonder email address.
    And don’t let me even start on their digital TV service…

  4. Even if it is just 16,000 infected computers it’s still a large amount that could quite easily be detected and blocked by Telewest. I detected 5 infected computers in Bradford today, simply because they were trying to infect our network.
    I haven’t completely lost faith that today’s blacklisting will encourage them to do something about the problems on a long-term basis, but to do that they’d need some competent staff.

  5. If it’s any help, NTL are just as bad. When at home my parents’ firewall logs are full of infected NTL computers from the local area trying to access it.
    It’s probably quite fitting that the two companies are looking at merging.

  6. Blocklists are pretty much jokes anyway. Most are political in some sort of form.
    I don’t think blocklists are a good idea, myself, for the same reasons as Fred Langa doesn’t. I’d link to a relevant article of his but right now I’m tired. I’ll probably come back and link to one by tomorrow if no-one else does.

  7. I think Fred’s problem related more to lazy users – instead of unsubscribing, some users would report the message as spam. It would only take a handful of users to do this before some blacklist systems would blacklist the langa.com domain and all mail for some users would be blocked.
    My email system does use blacklists as part of SpamAssassin, but no one blacklist can force an email to not be delivered. Generally, it has to be in several blacklists and have spammy content before it is flagged as spam, and would definitely need to have lots of spam attributes before it would be blocked outright. Blacklists are useful but they should be merely a weapon in your anti-spam arsenal and not your only tool.

  8. Let me clarify what I mean by blacklists. A blacklist, by my definition, is a single point of reference by which all emails (or website URLs, or IP addresses, or whatever is being blacklisted) is judged. Based on the result of that, the email/URL is either rejected or passed on to the next blacklist, or given a clean bill of health if it’s the last one.
    A blacklist is, by nature, an “all or nothing” thing. SpamAssassin’s rules aren’t blacklists; they’re more like guidelines. I use it myself, although I don’t generally do anything destructive with the emails, like delete them. I always move them off to another folder. I only make exceptions when it’s more or less guaranteed that it’ll be spam – for instance, if SA says it’s spam *and* the address it’s sending to is one I use on newsgroups. SA is great, but it’s not perfect.
    And also, Fred isn’t just concerned with that. You may remember that he co-ordinated an email test with willing subscribers and found that a very low percentage actually got through. He has a lot to say about blacklists. [Here’s the link I was looking for earlier](http://www.informationweek.com/story/showArticle.jhtml?articleID=17300016).

  9. Well, okay, sorry. Not a very low percentage. But a significant percentage – 40% – didn’t get through. My mistake.

  10. Like trowster I’ve not had much in the way of problems but I mentioned a couple of months ago (sorry I’m not going to dig out a link as it’s late & I’m going to bed v. soon) that my firewall log is full of other bradford blueyonder addresses. Come to think of it, woe betide me if I should be so foolish as to actually not have a firewall running at any point. When the nice engineer came round to install broadband, the first thing I did was download a virus checker & a firewall but i wasn’t fast enough, not even close. (in the instructions for install is specifically says that there should not be either running at the time ๐Ÿ™‚ )