Telewest, a major ISP in the UK, has been spanked by the SPEWS blacklist. According to this report from the BBC, Telewest was aware of the situation, and had been notifying customers that they needed to clean up their PCs, which according to Telewest has been “a time-consuming task.” SPEWS nonetheless blocked roughly 900,000 IP addresses.
This brings up two questions in my mind:
1) Do blacklists need some outside supervision regarding how they disseminate information regarding potential offenses, and how they respond?
2) Why couldn’t Telewest just disconnect the zombied machines from their network, like has been done down in Australia, and then assist their infected customers? That would have prevented knocking out all the UNINFECTED customers.
Technology is great for solving problems, but I think there is a communication gap here that needs addressing.
Brian McWilliams has noted a correction on the SPEWS/Telewest story that has been covered all over. As Brian notes:
The reports “universally fail to note that Blueyonder’s mail servers are NOT among the nearly one million IP addresses on the Spews blacklist. As a result, there should be little practical impact on Blueyonder users’ ability to send and receive email using the service.”
“In other words, the only collateral damage from this blockade is the negative PR for Telewest’s zombie problem.”
Of course, the second point is worth emphasis, as an unknown zombie problem is scarier to me than a known one.