Screenshots: Customers cry foul over TM Net mail proxy server

UPDATED VERSION. TM Net said a large number of IP addresses from its network have been blacklisted (sic! Blocklisted?) by many anti-spam organizations recently, causing its customers to be unable to send emails from their mail server to companies who might be using databases from these anti-spam organizations.

UPDATES: There is an on-going discussion in this Web Forum

To mitigate the problem, effective yesterday (December 3, 2007), TM decided to block OUTBOUND Simple Mail Transfer Protocol (SMTP) traffic -- or port 25 -- for all out going e-mails from dynamic IP addresses. From now on, all outbound SMTP traffic (outgoing emails) must pass through smtp.streamyx.com and smtp.tm.net.my. No second choice.

The action will cause Streamyx users one major impact.

From now on, Streamyx customers who use their own mail server running on TM's dynamic IP addresses will NOT be able to send e-mails out.

As an alternative, TM (the mother company behind TM Net) is giving this type of customers a solution.-- an open relay proxy server.

But Streamyx customers are crying foul.

Open relay proxy server open to fraud?

One webhosting provider emailed Screenshots to complain that TM's action has caused the company 'a troubling amount of support manhours' as it has to assign st6aff to tell the clients why their mail servers are no longer accessible.

The company also had to spend additional resources to help the client migrate to TM Net's "reliable" SMTP servers.

"There had been no forewarning for us who use the internet for business," the system administrator said. "TM caught us unprepared!. A statement on the same date of their implementation is stupid!"

On the other hand, other TM net customers are saying if TM Net is genuine about blocking spammers, they can easily block port 25 specifically to bar those spammers.

By blocking port 25 for ALL users, the customers say, TM is forcing them to use a proxy server -- and an open relay at that - to send their e-mails out. Such act will not only make it extremely easy for EVERYONE using the TMNet proxy to get blacklisted as soon as a spammer hits it, it means all our e-mails will stay in the proxy server for some time and can be stored, read, filtered by someone.

Meaning, they are asking if TM is sure about privacy and security issues of their proxy server which came one live yesterday.

On this matter, I have checked all resources on the TM Net website but no guarantees on these issues were given.

Hence, another pertinent question begets. What's the global benchmark action for situations like this?

What Comcast did in the US

A Screenshots reader in the know emailed to say that, on first glance, it appears reasonable for TM and TM Net to block outbound traffic on port 25 in order to prevent spammers from abusing it.

"They may even point you to a "similar" move by Comcast in the US when they, too, had blocked port 25 to prevent spamming," the reader said.

However, the Comcast case is NOT the same thing that TM and TM Net are doing right now.

"What TM Net does is far beyond what Comcast was doing," he said in an email. "Not only is it ineffective against spamming, it could in fact be used to censor, filter and track e-mails sent by anyone using the TM Net network."

"What TM Net want is for all their users with external e-mail servers to send their e-mails to a open-relay proxy server before they are sent out to their destinations," he added.

"This is the troubling aspect of the whole issue. Why the need to send our e-mails through a proxy server when TM Net can do what Comcast did and just block port 25 for offending spammers? It just doesn't make sense!"

UPDATES: Relating to the issue, a Comcast tech support who 'happens' to read Screenshots gave the feedback that Comcast hasn't blocked port 25 completely, and some customers are still using it.

"Non-spammers who do get issues with port 25 are advised to switch to port 587," the Comcast person said. "Maybe that can be applied to TM Net as well?"

Complaints lodged with MCMC

Screenshots was made to understand that a KL-based technology publisher has written a letter of complaint to the MCMC, pointing out the futility of TM's action.

These are the reasons the company cited, arguing that TM's methodology will NOT prevent spamming, but will pose a real and genuine threat to the privacy of Streamyx users.

Using open-relay proxy SMTP is not an option as there are a lot of email servers that would reject any emails sent from an open-relay SMTP server (such as the one suggested by TMNet-Streamyx) and this would mean that our legitimate emails would be blocked.
What’s the point of implementing the blocking of Port 25 and yet have this open-relay SMTP proxy to be used? This would just allow spammers to flood this open relay proxy. In turn, this server would then be included into international RBLs and our legitimate emails would be blocked.
If our emails are being proxied through this open relay server, what is the security, audit and privacy standards are in put place to assure users like us that our emails would NOT BE STORED on their server and WOULD NOT BE READ or SNIFFED at all. Our privacy is at stake here.
And in any case that this open relay SMTP proxy server is down, how can we send out our emails then? What are the SLAs that is in place for this proxy server? Why penalise us users when we PAY MONEY for our own SMTP server to avoid being caught by our dear ISP’s ‘reliability’ in the first place?
For mobile users who hops around Internet connections, from home Streamyx to public WiFi such as from Starbucks and etc, always changing the SMTP settings aren’t exactly a consumer friendly solution.

Way found to circumvent TM Net proxy

Meanwhile, a Screenshots reader emailed to say that his company has discovered a way to easily circumvent this "block" merely by changing ( 1 ) the port that your mail server listens to, and ( 2 ) the outbound port your e-mail client uses.

What this implies is that, sorry to say, TM Net's proxy server relay is actually useless.

"Any decent spammer will be able to circumvent the block and resume spamming in a matter of minutes," the reader said in his email.."As far as spam-blocking is concerned, this is a dead-end."

So, now the million dollar question. Why would TM and TM Net ask everyone to use their open relay proxy server?

Someone from MCMC and whoever is in charge of Content, Consumer and Network Security (OK, add Trust & Governance) has a prickly question to answer.

Take action. Don't just look into it the Amarjit way.

Comments

All I get is spam from Streamyx. And obviously people use their streamyx accounts to send out spam too or "email blasts". I don't blame the anti-spam organisations.

Posted by: pigduck | December 4, 2007 09:48 AM

Let me get this right... does this only affect mail servers OUTSIDE Malaysia or both outside and inside?

I have my own mail server hosted by a local web hosting company and so far their SMTP server are working and are not blocked.

Posted by: Jules | December 4, 2007 09:53 AM

Now can the Government see the impact for allowing some GLCs to monopoly in some sectors especially public facilities?

People have no other choice! So once problem occurred, everybody suffer.

Enjoy! Malaysia Boleh!

Posted by: Jovis Low | December 4, 2007 10:37 AM

Oh yeah, I just got an email notification from my local web hoster informing me that they have created another SMTP port for affected users like us to use. They have asked us to change the port to the port that they have created.

So I guess TM's blocking is a waste of time!

Posted by: Jules | December 4, 2007 10:47 AM

Meanwhile, a Screenshots reader emailed to say that his company has discovered a way to easily circumvent this "block" merely by changing ( 1 ) the port that your mail server listens to, and ( 2 ) the outbound port your e-mail client uses.
------------------------
I think this is wrong. Your email server (if using Streamyx also), require to use port 25 to send out the mail to other part of the world. Unless you ask everyone in the world wide world to change port too?

Posted by: Jonnie | December 4, 2007 11:46 AM

Cel-con broadband too! Everytime you call Celcom Careline, the ads "enjoy hassle free connectivity anytime anywhere..." will bug you to death!

But... i am actually paying RM96 every month (RM130 and RM103.95 a few months ago - thank you Celcom for reducing the monthly fees) just to be bullied by their damn torturing service!

Complaint? i can remember the chronicles of my futile stupid calls to Celcom Careline.

Please dont forget and spread the word about Jalan-jalan cari makan, beli-belah this Saturday.

Jumpa di sanaa!

Posted by: penarikbeca | December 4, 2007 12:43 PM

If TM really want to pry into your SMTP stream, they can always listen to your connection and flag port 25 messages, since they are also the ISP. So the privacy concerns are really pre-existing (do you trust TM or not).

Also - if you really want privacy - perhaps you should also make sure your external SMTP server supports SSL which is usually on port 465. The TM's circular does not say they will also block port 465.

The real concern will probably be -- can TM SMTP servers/relays handle all the port 25 SMTP load reliably?

Posted by: Andrew | December 4, 2007 12:52 PM

Dear Jeff

I was absolutely mad with my webhosting provider until someone told me to read your blog. Now, I feel so sorry for blasting the people who attended to me. I offer them my sincere apologies.

It’s beyond my comprehension why TM gave such short notice. How I hope TM has considered the people, people, people it touches before it implemented this action. It has caused great inconvenience to customers like me, raised my blood pressure, caused me to wrongfully blame the webhosting company, and made the support team work under undue pressure.

Now, after reading this blog post, I have more worries and anxieties over fraud and loss or privacy. I beg TM to quickly come out and reassure its customers.

Posted by: KimChow | December 4, 2007 12:54 PM

I just "happen" to be a Comcast tech support who reads Screenshots. Comcast hasn't blocked port 25 completely, some customers are still using it. But non-spammers who do get issues with port 25 are advised to switch to port 587. Maybe that can be applied to TM Net as well?

Posted by: flieger356 | December 4, 2007 01:01 PM

i wonder does this affect celcom's data service as well since its still pretty much under TmNut's

Posted by: peterlim | December 4, 2007 01:57 PM

Hi Jonnie,

> I think this is wrong. Your
> email server (if using Streamyx
> also), require to use port 25 to
> send out the mail to other part
> of the world. Unless you ask
> everyone in the world wide world
> to change port too?

You can configure your mail server to listen on any port, and no.. instructing the mail client to use a different port won't affect other users in the world.

Regards,
yc

Posted by: yc | December 4, 2007 02:28 PM

Comcast

Dear Jeff I am not sure whom the person is you were speaking of, and maybe they are correct, however you know who I am and I am currently back living in the US

JEFF OOI says: Welcome back my friend. It's been a long long while, and I do miss your commentaries on tough issues you and I commonly faced when you were in Malaysia. Keep in touch.

and we have Comcast here in Memphis Tennessee as well as our place up in Minneapolis Minnesota and yes they in fact do block port 25 and under no circumstances can we get it unblocked unless we are willing to change from the residential account of $29 a month to the business account of more then $300 a month for the service. My company uses it’s own SMTP servers and we have not been allowed to access them and have been told in writing from Comcast what I have stated above. Also we are limited because of this of only sending emails that are no more then 8 MB in size.

Comcast is not the only one, so does AT&T, Time Warner, AOL and Sprint networks. I know this because this is a very sore issue with me and my family. We do not understand their logic at all on how this blocks spam. The spam lists that Streamyx talks about are usually ran by various people and organizations. My company was blocked by one of these lists and we had problems for about 2 months because we never sent any spam but our Web Host provider’s servers had a few people whom did send spam. Thus they blacklisted all accounts that came from our provider. They said our provider had to comply to their outlines and another company that we later were blocked by said the same thing and also that we had to donate a certain amount to a charity. I will be very happy to send you the information regarding these black list companies, one of them is located in Russia and ran b a man who is 24 years old and decided to conduct such a list to provide to companies who wanted to subscribe to them.

JEFF OOI says: Keep the list coming. You have my email address.

I think what Streamyx is doing is VERY wrong but I just wanted to highlight that Comcast does in fact block it. We know of around 150 people more or less who use Comcast throughout the US and every single one of them has port 25 blocked.

Posted by: rmo | December 4, 2007 05:34 PM

i dont think its spiced ham they are after.

Posted by: nyc | December 4, 2007 05:46 PM

I have just tested my smtp with port 25, everything seems to work fine though. Oddly port 587 that I used previously (as automated assigned by OSX Mail) have not been working.

Damn monopoly!

Posted by: angryyoungman | December 4, 2007 08:03 PM

INTERNET does not operate in a legal vacuum.
Read this before you post a comment in this blog!

Screenshots

Thinking Allowed. Thinking Aloud.

Customers cry foul over TM Net mail proxy server

TrackBack

Comments

Post a comment