02/07: Caught In a Wide Net
On February 26, 2007 at approximately 9:45 am, Comcast blacklisted the server of Shoestring Solutions, a small web host based in Atlanta, GA. The victim server is a dedicated server over which the victim had complete control. The following is a timeline of the victim’s actions to remove the block. (All times EST)
21:55 – confirmed Comcast block. Submitted first of three requests to Comcast to be removed from blacklist via Comcast’s established procedures.
23:05, 00:07 & 01:07 – received three denials of request to be removed from blacklist
23:55 – Enlisted help of server tech support to compile stats regarding spam originating from server
2/27/07
02:53 – server tech support reports that block occurred on 2/26 at approx. 09:45. Stats show that approx. 460 emails went from server to Comcast in 29-hour period prior to block (avg. 16/hour). Includes both legitimate and spam email, with none originating on server but simply being passed through email addresses of hosted domains.
03:54 – submitted email request to general tech support
04:00 – called Comcast support (404-266-2278). “John” said that he would pass support request to proper department after 6 am (dept. opens 7:30). Also provided Tier 2 support # – 877-561-9324
04:16 – received canned response; sent additional info (no response to date)
12:57 – Called Tier 2 support. Referred by barely understandable female with thick accent to blacklist_comcastnet@cable.comcast.com.
13:37 – sent blacklist removal request to blacklist_comcastnet@cable.comcast.com.
15:31 – sent second removal request
16:30 – called Tier 2 support. Told that response could take “24 to 78 hours.”
16:30 – sent third request to blacklist_comcastnet@cable.comcast.com
2/28/07
14:12 – sent fourth request by email
17:06 – confirmed continued block
3/1/07
11:45 – Called Tier 2 support again; spoke to “Andrew.” Transferred to Customer Security Assurance and Legal Response division, which is an endless voicemail loop with no way to file a blacklist removal request. Voicemail refers callers back to blacklist_comcastnet@cable.comcast.com.
11:50 – Called Tier 2 support again; spoke to “Orlando,” who refused to honor request to speak to supervisor. Sent us to same voicemail loop.
12:08 – Called Tier 2 support again. Female with thick accent provided direct # to abuse dept. (856-317-7272). Asked for supervisor; was placed on hold for 12 minutes. Told that supervisor was unavailable; placed on hold for five minutes. Final refusal to allow conversation with supervisor.
12:27 – sent fifth removal request by email
13:04 to 13:41 – sent email request for assistance to several Comcast corporate email addresses, public relations contacts; also to reporters who have written about blacklisting problem in past. Also posted details to Comcast support forums.
15:30 – interviewed by Chicago-area newspaper. Story expected
16:23 – call received from Shanti, local rep of Comcast corporate, who had been instructed to follow up as a result of one of our email complaints (probably to esl_corp@cable.comcast.com). She provided her direct line (770-559-7128) and committed to facilitating communication with support.
17:28 – received email inquiry from local media. Responded
17:36 – contacted by email from Customer Security Assurance (CSA, CSA_admin@cable.comcast.com). Contact initiated by Shanti; however, CSA would only provide phone number to CSA Voicemail Hell.
17:38 – email from same source, asking for IP address
18:55 – phone call from Paul, CSA, who began investigation. Assigned ticket #2714541. Provided email for Symantec/BrightMail (investigation@review.symantec.com) although he said that a phone call to CSA Voicemail Hell would get a faster response (14 to 24 hours).
Paul said that our server was not blacklisted, but an entire range of IPs in which our server IP is located was blacklisted due to spam activity apparently associated with the domain GELINJANG.INFO. Because of range block, Paul was not authorized by Symantec to unlist our IP alone. He asked that we investigate the offending domain with our server host and contact CSA via Voicemail Hell (14 hour response… “things are slow right now…”).
19:11 – Paul called back, said that he expected to see Symantec tech in morning and would proactively address issue then.
20:28 – sent email update to Shoestring hosting clients
3/2/07
00:15 – received notification from server host that offending domain has been removed from IP range.
19:00 – Have not received any feedback from Paul. Left voice mail at 856-317-7272 with details regarding offending domain and another request for IP to be removed from blacklist.
3/3/07
18:05 – call from Yvonne, CSA, at 856-638-4000. She called to acknowledge voice mail; indicated that nothing would be done until Monday PM when Paul returns to work. Can call her at 856-638-4044 after 10:00 ET if no resolution by then.
3/5/07
08:45 – blacklist block still in place
11:25 – Left voicemail for Yvonne, number above, asking her to follow up, to make case her priority for the day.
15:41 – Received call from Paul, CSA. He said that mail was blocked due to high spam flow from GELINJANG.INFO, which was hosted in the same IP range as our server. He said that the “mail guys” would not even consider lifting block until the activity was stopped. Replied that a voicemail was left for him on 3/2/07 notifying him that the offending domain had been dumped by the host.
After a minute on hold, he returned to say that he would put in a request for the block to be lifted, but that it could take “at least a day” for it to be removed.
[Apparently, Paul did nothing between our conversation on 3/1 at 19:11 and this phone call. Another day was lost waiting for Paul, apparently an evening shift technician, to come back to work.]
15:52 – left voice mail for Shanti, updating her on lack of progress
16:38 – Below email sent to csa_admin@cable.comcast.net and esl_corp@cable.comcast.net:
To whom it may concern:
To date, Comcast has failed to resolve the blacklisting issue described in your CSA ticket #2714541 and documented by me online at www.shoestringwebs.com/comcast.htm.
My server continues to be blacklisted for sending email to Comcast servers; it has been blocked since 2/26 9:45 am even after it has been shown to Comcast representatives that the problem was not associated with my server nor any domain on it, but with another domain on a server in the same IP range; a domain that has been prevented from sending since at least 3/2/07 at 12:15 am.
In my latest contact with Comcast, a phone call from Paul in Customer Security Assurance, I learned not only that Comcast has failed to respond despite having the above information for three days, but that it may take “at least a day” for the block to be removed, if it is removed at all.
Because of Comcast’s lack of response and because I have little recourse otherwise, I will continue my efforts to publicize this situation so that my 900 clients who are also Comcast customers, as well as others will come to understand the depth of Comcast’s failure and act accordingly.
17:01 – received following reply:
This has been sent to our mail team for a removal of your IP from the blacklist.
Paul spoke with you earlier today about this request from you.
Please make note that the removal may take up to 24 hours as stated in your conversation with Paul.
Thank you,
CSA
3/6/07
12 noon – confirmed by email that blacklisting still in place
18:52 – block confirmed lifted.
3/7/07
11:58 – received call from John, a local supervisor, to follow-up on issue. He said that blacklisting occurs “at the national level” and that local Comcast representatives have no more influence in blacklisting issues than do Comcast customers. At the “national level,” CSA technicians can do no more than submit an email or leave a voicemail for Symantec/Brightmail to resolve blacklisting issues.
John said that unresolved blacklisting issues are often escalated to him because the current public process is often ineffective. For that reason, he has collected direct contacts within the system to help resolve problems.
Frank Oct 4
Well it’s my turn. I own a small business and host hundreds of clients’ email on our server. Many of them have email forwarding to their Comcast account. I’m guessing that is the reason for the blacklisting. I told the first client who complained to contact Comcast. Although I doubt my clients have the patience to sit on hold and then talk to people that don’t understand what they need done. Seeing that I had to field many calls on this issue I decided to call them myself. Of course they didn’t want to give me the time of day because I am not a customer.
I emailed to the above addresses. I’ll keep everyone posted to how long it takes and what was needed to get any results.
I hope I can get this issue resolved, as I have better things to do than explain Comcast’s spam policy to my clients. Hey, I don’t blame them for fighting spam. But they don’t need to be invisible when it comes to getting mistakes resolved.
cdiemer Oct 4
I am having a similar nightmare with Comcast. They at least have an online form now to remove yourself from the list. But I grow tired of removing my server IP every 24 hours. I have tried contacting multiple Comcast support numbers and emails. No help there. No proof of actual spam has ever been presented and no other blacklists have listed my server. Most of my customers on the shared server are Comcast subscribers. I keep telling them to contact Comcast directly to report the problem hoping they will carry some weight with Comcast. This has been going on for four weeks.
TVCNet Oct 26
Hi folks.
Well, we have a similar situation as well, and as described above there does not appear to be a process for escalating requests for removal from Comcast.
In our case, Comcast is blocking one of our servers because one of their customers is apparently using our SMTP to send email instead of theirs.
Below is their reply back:
***
Below each IP address you submitted in your request, we have included the result of our research. Please do not reply to this message.
64.62.xxx.xx
Your request for IP block removal has been denied for the following reason:
- You have been blocked from emailing the Comcast network because we have determined that you are sending email from a dynamic/residential IP within the Comcast domain. Comcast does not allow subscribers to send email from a mail server other than smtp.comcast.net. All mail should be sent through Comcast’s mail server. For information on configuring your machine to use smtp.comcast.net, please follow the link below.
http://www.comcast.net/help/faq/index.jsp?faq=Email117481
If you need to run your own mail server, please contact our Commercial Services organization at support_biz@cable.comcast.com
***
In effect, Comcast states that one of their customers is using our server to send email, and because of that “one” customer, all email from our server sent to Comcast will be denied?
Well, since I have no way of knowing who that “one” person is, who is causing this, I have no way to remedy the issue.
Over the past couple of weeks I’ve not been able to find anyone responsible at Comcast to help me resolve this mutual customer issue.
I’m all ears if someone can provide a phone number or email address to the persons responsible for managing Comcast’s “Customer Security Assurance” team.
Best Regards,
Jim Walker
TVC.Net