COMCAST has just blocked all web based email ???
nos...@nospam.nul
and you get this message back from Excite:
************************************************************************
This is the Postfix program at host xmxpita.excite.com.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For more information about the possible cause of this problem, please
see: http://help.excite.com/email/bounce.html
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
< -------- @comcast.net>: host gateway-s.comcast.net[63.---.--.--]
said:
550-208.--.---.--- blocked by ldap:ou=rblmx,dc=comcast,dc=net 550
Comcast does not support the direct connection to its mail servers
from residential IPs. Your mail should be sent to comcast.net users
through your ISP. Please contact your ISP or mail administrator for
more information. (in reply to MAIL FROM command)
***************************************************************************
+++++++++++++++++++++++++++++++++++++++++++++++++++++
I checked online and found that others are having this same problem in
the DFW area, maybe nationwide. Here's one comment:
"I've done some checking on Google and it appears the Comcast.net
problem is not just ours. There are hundreds (thousands?) of other web
sites that have been placed on Comcast's blacklist. Anyone with a
Comcast account cannot receive emails from these web sites. My advice,
cancel Comcast and go with a better ISP."
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Here's the reply back from Comcast Tech Support:
==========================================================
Thank you for your message concerning the Comcast High-Speed Internet
service.
What is likely happening is that the mail is being sent from a domain
that does not have its Reverse Domain Name System (rDNS) configured.
In Comcast's ongoing efforts to reduce the amount of spam that reaches
our subscribers we no longer allow email to be received from IP
addresses that are configured without an rDNS. We advise that you
contact the ISP or Mail Administrator for more information on how to
set up rDNS. Please see this website for further information
http://www. comcast.net/help/faq
Thank you for choosing Comcast High-Speed Internet. For answers to
frequently asked questions and updates on new features, please visit
www.comcast.net and select Help.
Remember that Comcast will never ask for your password or billing
information via e-mail.
Thank you for choosing Comcast.
======================================================
Isn't Comcast the same company that got its balls slammed in the door
for advertising "unlimited internet" but sent nasty letters about
usage yet refused to define acceptable usage at all? Oh...
Barry Margolin
nos...@nospam.nul wrote:
> Send an email from Excite to a Comcast account in the last two days
> and you get this message back from Excite:
See the thread "Comcast refusing email from dynamic IPs".
However, it looks like there are some major errors in Comcast's database
of dynamic IP address blocks. They're not intentionally blacklisting
Excite, they're just confused.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
R. Lynn Rardin
Barry Margolin <bar...@alum.mit.edu> wrote:
> In article <be4k229cppo7t8733...@4ax.com>,
> nos...@nospam.nul wrote:
>
> > Send an email from Excite to a Comcast account in the last two days
> > and you get this message back from Excite:
>
> See the thread "Comcast refusing email from dynamic IPs".
>
> However, it looks like there are some major errors in Comcast's database
> of dynamic IP address blocks. They're not intentionally blacklisting
> Excite, they're just confused.
And if you take a look at mod Jason1's latest post on the topic
in the Comcast Forums, they're standing firm on their policy
_and_ refusing to reveal how they determine what is and what is
not a dynamic IP address. Comcast evidently feels that it's the
responsibility of the user to make sure their mail gets
delivered to their Comcast address by reporting mail that
isn't arriving (hmm, how do you know it's not arriving unless
the sender finds some other means of contacting you?!) to the
sender and/or sender's ISP so that the sender's ISP can jump
through the hoops necessary for them to make the Comcast grade.
Amazing.
--
R. Lynn Rardin
Bert Hyman
news:barmar-C33E81....@comcast.dca.giganews.com:
> In article <be4k229cppo7t8733...@4ax.com>,
> nos...@nospam.nul wrote:
>
>> Send an email from Excite to a Comcast account in the last two
>> days and you get this message back from Excite:
>
> See the thread "Comcast refusing email from dynamic IPs".
>
> However, it looks like there are some major errors in Comcast's
> database of dynamic IP address blocks. They're not intentionally
> blacklisting Excite, they're just confused.
In their response, they're say they're not blocking connection from
"dynamic IPs":
In Comcast's ongoing efforts to reduce the amount of spam
that reaches our subscribers we no longer allow email to be
received from IP addresses that are configured without an
rDNS.
All this means is that when a connection is made to a Comcast server,
they take the IP address of the connecting system (that's all they
have, after all) and try to find the name of that system by doing a
DNS query on it. If they don't get a response, they refuse the
connection.
Other than requiring a little extra work on the part of network
administration, there's no reason why so-called dynamic IP addresses
can't have DNS records.
--
Bert Hyman | St. Paul, MN | be...@iphouse.com
R. Lynn Rardin
Bert Hyman <be...@iphouse.com> wrote:
> bar...@alum.mit.edu (Barry Margolin) wrote in
> news:barmar-C33E81....@comcast.dca.giganews.com:
>
> > In article <be4k229cppo7t8733...@4ax.com>,
> > nos...@nospam.nul wrote:
> >
> >> Send an email from Excite to a Comcast account in the last two
> >> days and you get this message back from Excite:
> >
> > See the thread "Comcast refusing email from dynamic IPs".
> >
> > However, it looks like there are some major errors in Comcast's
> > database of dynamic IP address blocks. They're not intentionally
> > blacklisting Excite, they're just confused.
>
> In their response, they're say they're not blocking connection
> from "dynamic IPs":
>
> In Comcast's ongoing efforts to reduce the amount of spam
> that reaches our subscribers we no longer allow email to be
> received from IP addresses that are configured without an
> rDNS.
We're discussing a separate and new policy, Bert. To quote
moderator Jason1:
"The new policy quoted above is actually separate from the recent
rDNS policy. In short, this new policy is designed so that the
Comcast mail servers will reject email from residential IP
addresses. This may work somewhat in conjunction with the rDNS
policy but it is a separate policy from the rDNS checks..."
and
"After reviewing this new policy with the mail admins, it has
been determined that we will not be able to publicly announce
more details on this policy other than IP addresses that have
been identified as being dynamic will not be allowed to connect
to the Comcast mail server to deliver email. As for how Comcast
determines if an IP address is dynamic, this is the part that
we cannot disclose here."
--
R. Lynn Rardin
Bert Hyman
news:rardin-A0C155....@individual.net:
> In article <Xns979551F26AA...@127.0.0.1>,
> Bert Hyman <be...@iphouse.com> wrote:
>
>> bar...@alum.mit.edu (Barry Margolin) wrote in
>> news:barmar-C33E81....@comcast.dca.giganews.com:
>>
>> > In article <be4k229cppo7t8733...@4ax.com>,
>> > nos...@nospam.nul wrote:
>> >
>> >> Send an email from Excite to a Comcast account in the last two
>> >> days and you get this message back from Excite:
>> >
>> > See the thread "Comcast refusing email from dynamic IPs".
>> >
>> > However, it looks like there are some major errors in Comcast's
>> > database of dynamic IP address blocks. They're not
>> > intentionally blacklisting Excite, they're just confused.
>>
>> In their response, they're say they're not blocking connection
>> from "dynamic IPs":
>>
>> In Comcast's ongoing efforts to reduce the amount of spam
>> that reaches our subscribers we no longer allow email to be
>> received from IP addresses that are configured without an
>> rDNS.
>
> We're discussing a separate and new policy, Bert. To quote
> moderator Jason1:
That may be what ->you were discussing in another thread, but that's
not the problem being reported by the original poster. I quoted a
paragraph from his own post explaining why his mail was bounced.
And what moderator? None of the groups to which this thread is posted
is a moderated group.
Seth Goodman
> And what moderator? None of the groups to which this thread is posted
> is a moderated group.
>
>
The reference is to the moderator of the Comcast forums at
forums.comcast.net
--
Seth Goodman
DukieDallas
news:rardin-A0C155....@individual.net...
<snip>
>
> We're discussing a separate and new policy, Bert. To quote
> moderator Jason1:
>
> "The new policy quoted above is actually separate from the recent
> rDNS policy. In short, this new policy is designed so that the
> Comcast mail servers will reject email from residential IP
> addresses. This may work somewhat in conjunction with the rDNS
> policy but it is a separate policy from the rDNS checks..."
>
> and
>
> "After reviewing this new policy with the mail admins, it has
> been determined that we will not be able to publicly announce
> more details on this policy other than IP addresses that have
> been identified as being dynamic will not be allowed to connect
> to the Comcast mail server to deliver email. As for how Comcast
> determines if an IP address is dynamic, this is the part that
> we cannot disclose here."
>
> --
>
> R. Lynn Rardin
For what it's worth - and not related directly to Comcast - I have run into
similar issues with email from some of my customers on Verizon DSL service
with static IPs not being able to send mail to certain domains, even though
the source IP is static, not dynamic, and reverse DNS is set up perfectly
for it.
What I found in working with tech support at the ISP hosting the receiving
domains was that they looked beyond the specific IP address and its reverse
DNS to evaluate what block of IP addresses the IP was part of. My customers
static IP from Verizon shows this way when the IP Block command is issued:
GTE.net LLC VZN-DSL (NET-66-12-0-0-1)
66.12.0.0 - 66.15.255.255
Genuity DSL VZN-DSL-GEN-BLK05 (NET-66-14-0-0-1)
66.14.0.0 - 66.14.127.255
The mere fact that it was in a block that Verizon said was used for DSL
caused the mail to be rejected, regardless of the fact that that Verizon
uses at least part of the block for static IPs and that my customer's IP has
the rDNS set up perfectly.
DD
larry
Is this just an attempt to forward the new digital signature
email protocol where we all get to buy a digital signature
so email we send can be received?
Anyone that can steer me to a method of blocking ALL non-US
traffic? A firewall or proxy would work, but i don't see
where the IPs are numbered by international areas or
regions. I discovered blocking all dot biz eliminates 1/2
of inbound spam! Also, blocking korea, ru, etc helps too.
thanks, -larry / dallas
Thomas T. Veldhouse
> "The new policy quoted above is actually separate from the recent
> rDNS policy. In short, this new policy is designed so that the
> Comcast mail servers will reject email from residential IP
> addresses. This may work somewhat in conjunction with the rDNS
> policy but it is a separate policy from the rDNS checks..."
>
RBL! They are running or using a RBL. I doubt that they use spamhaus or one
of those directly, as they are known to offer false positives on spam hits
(they tend to be quite aggressive), so they are probabl running their own.
Clearly the data they use to generate the RBL data is inaccurate. If they
offered a better support path, it would be easier to correct errors in their
RBL database, but as it stands, it appears that they are on a course doomed to
fail.
--
Thomas T. Veldhouse
Key Fingerprint: 2DB9 813F F510 82C2 E1AE 34D0 D69D 1EDC D5EC AED1
Barry Margolin
Bert Hyman <be...@iphouse.com> wrote:
I just went back to the original post, and the bounce message contained,
"Comcast does not support the direct connection to its mail servers
from residential IPs." This is the error that occurs because of the new
dynamic IP policy, not the older (by a week or two) reverse DNS check.
Now, he did make reference to a reverse DNS policy, but that was in the
answer he got from a Comcast support tech. But it's clear that the tech
was confusing the two different checks -- don't we all know how
non-tech-savvy most of the people who man the Comcast support phones are?