I.  Two Types of Spam

When looking at the spam issue, one must consider not only the incoming spam that pollutes the mailboxes of Cox High Speed Internet users, but also the spam that is generated by computer systems on the Cox High Speed Network (outgoing spam).  While incoming spam is a nuisance for our customers, outgoing spam can be equally problematic.  Other Internet users and ISPs (Internet Service Providers) maintain lists of ISPs that generate the most spam.  Some will blacklist those networks that generate the most spam so that no mail coming from the blacklisted ISP is accepted.  In order to make sure that your outgoing email reaches its intended destination, Cox must control the amount of outgoing spam generated on our network.

II. Methods for Controlling Incoming Spam

If a customer receives an unsolicited commercial email (spam message), they may report the sender to the Internet Service Provider where the message originated.  There are several websites that detail how to determine where a message originated and some will assist you with reporting them to the proper providers. 

In April, Cox is launching a network-based anti-spam solution that will integrate with our email platform.  This will allow us to recognize and block spam from known spammers using rules-based methods and also white or black lists.  Also, Cox already offers McAfee Security products including their popular SpamKiller product, which can help customers to eliminate spam from their inboxes. 

III.  Incoming Spam FAQs

1.  What is this new anti-spam technology that Cox is launching?  Cox will soon offer a new tool to help customers stop spam. Cox is in the process of installing more than 100 new servers across the country that will allow us to offer you e-mail filtering for spam and viruses at not additional charge.  Our new network-based anti-spam solution will give you the power to control what enters your Cox.net email box.  You will be able to opt-in for one of two levels of filtering.  You can have messages identified as spam trashed so you never see them.  Or, you can flag messages as spam and review them later.  If you choose not to use our spam filters, you’ll keep receiving your e-mail the same way you currently do. 

2.  What technology is involved in the new anti-spam measures?  Cox will be deploying Brightmail Anti-Spam with BrightSig^TM technology that offers spam protection at the messaging gateway, before it reaches customers.  The Brightmail anti-spam solution is deployed by some of the world’s largest Internet service providers and will help Cox to greatly improve our Cox High Speed Internet customers’ experience by significantly reducing the amount of unwanted email that reaches their inboxes.

• Brightmail is incredibly accurate in identifying spam email with a false-positive rate of 1 in 1 million messages.

• Brightmail is greater than 90% effective in eliminating spam.

3. Why is it taking so long? I would like to have this filtering now.  We have been working since June 2003 to bring you spam and e-mail virus filtering.  While we built our infrastructure to support this massive undertaking, we worked to carefully construct the system to be sure that the e-mail you want to reach you always does.  We’re working hard to be sure that we offer spam filtering that gives our customers the flexibility they expect while not impacting our current e-mail system.

4.  Is Cox also offering some new anti-virus protection?  Yes, Cox is simultaneously implementing new e-mail anti-virus filters that will help to better protect you from destructive Internet viruses that spread via email.  Our new e-mail anti-virus system will scan and clean messages sent to you in email, removing known viruses that may be attached.  In instances when an infected attachment or virus cannot be cleaned, the email will be stripped and you will receive a message stating that the email could not be delivered to you due to a virus. 

5.  Cox is currently offering McAfee SpamKiller and VirusScan Online for an additional monthly charge.  Will Cox continue to offer these McAfee products?  Cox will continue to offer a suite of McAfee Security products to our customers as optional services that they may enjoy.  Customers may find that a program like McAfee SpamKiller better suits their blocking needs, or they might need filtering to block spam on non-cox.net accounts.  While our e-mail anti-virus protection will stop viruses transmitted by incoming e-mail, VirusScan Online will protect your entire computer from viruses, including ones transmitted by websites or in shared files and disks. Each McAfee Security product sold by Cox has useful features that are complimentary to their Cox High Speed Internet service and may help customers to improve their experience online. 

6.  Will Cox be issuing refunds to customers who’ve purchased McAfee Security’s SpamKiller or VirusScan Online from Cox since they won’t need these services once Cox’s network based anti-spam and anti-virus solutions are available?  Cox will not be issuing refunds to customers for the McAfee products/services they have purchased.  Customers may find that a program like McAfee SpamKiller better suits their blocking needs, or they might need filtering to block spam on non-cox.net accounts.  While our e-mail anti-virus protection will stop viruses transmitted by incoming e-mail, VirusScan Online will protect your entire computer from viruses, including ones transmitted by websites or in shared files and disks. Each McAfee Security product sold by Cox has useful features that are complimentary to their Cox High Speed Internet Experience.  Those customers who no longer wish to subscribe to McAfee services may change their service subscriptions.  We expect that customers will still enjoy the McAfee Security products offered by Cox.  Both SpamKiller and VirusScan online have benefits and features that customers may still find useful – even with Cox’s network based anti-spam and anti-virus solutions providing the first line of defense.

7.  I am currently using an anti-spam or anti-virus product that I bought at retail; do I still need to employ these products?    Cox’s new server-based anti-spam and e-mail anti-virus solutions will significantly enhance your experience with Cox High Speed Internet by reducing spam and providing you greater protection from viruses.  However, you may still find that having a second layer of defense and the additional features/controls offered from a 3^rd-party vendor, like McAfee Security or others, is useful.

8: I’m getting spam even though I have never given out my address.  Is Cox selling my information?  We do not sell our customers’ e-mail addresses.  Sometimes spammers will try lists of common names or words in different combinations to locate an active e-mail address.  For more information, please review our Privacy Policy.  To learn more about how to reduce spam, please review our article on Unsolicited Commercial E-Mail (http://support.cox.net/custsup/safety/spam.shtml).

9: I’m still receiving spam.  How do I stop it?  Avoid placing your email address on Web sites or newsgroups. When providing your email address to third parties, verify their Privacy Policy to determine if they sell your information and what you can do to prevent it. Only provide your email address to trusted parties.  You should also consider commercial Spam-blocking software like McAfee Security’s SpamKiller, which is available via Cox.

10:  I heard that Cox does business with DoubleClick; doesn’t this mean that Cox has given my email address to spammers?  Although Cox has worked with DoubleClick in the execution of some email campaigns, we have never sold any of our customers email addresses to DoubleClick or any other party.  If you have opted in to receive special offer email communications through one of Cox’s marketing programs, or if you are a Cox High Speed Internet customer, Cox may send you messages with vendor assistance from a company such as DoubleClick.  However, these messages would be of specific relevance to the receipt of services from Cox or feature selected, value-added benefits that are relevant to you.  Our third party vendors and partners are not authorized to send Cox customers any additional messages or offers.

Cox takes the privacy of our customers very seriously.  Our Online Privacy Policy may be viewed at http://www.cox.com/policy/.  If you believe that one of Cox’s third party affiliates is in violation of this policy, you should report the suspected abuse to privacy@cox.com so that we may investigate.

11: How will I know when Spam filtering is available?  Watch for additional information on our Cox.net Start Pages for information on when spam and e-mail virus filtering will be available in your area.

The below information is found in Cox’s Acceptable Use Policy (AUP), expressly prohibiting the use of the Cox High Speed Internet connection to generate spam.  The accounts of customers who violate Cox’s anti-spam policy may be suspended or terminated.

You may not use the Service to send unsolicited bulk or commercial e-mail messages ("spam"). Any unsolicited e-mail must also not direct the recipient to any web site or other resource that uses the Service. The Service may not be used to collect responses from unsolicited e-mail sent from accounts on other Internet hosts or e-mail services that violates this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.

Cox continuously reviews the feedback emailed to our Security & Abuse Team regarding the amount of spam generated by computers on our network.  Based on review of this feedback in July, 2003, Cox determined it necessary to implement new procedures to prevent outgoing spam so that Cox could avoid being blacklisted by other ISPs.   

To reduce unsolicited bulk email sent on our Cox High Speed Internet network, Cox instituted outbound SMTP traffic filtering (port 25 filtering).  Currently Cox also filters all inbound SMTP traffic in an effort to protect unsecured computers on the network from being used as mail relay by potential spammers.

• The outbound SMTP traffic blocking security measure is designed to protect Internet users and the Cox High Speed Internet network.  The vast majority of customers are not affected by this practice in any way.  However, a small number of customers who use e-mail addresses outside of the @cox.net domain and who do not currently have their SMTP servers set for Cox mail servers do need to change their settings.  The requirement that Cox servers be used for all outgoing mail is simply so that Cox can observe and control spammers by removing them from the network. 

• Outbound SMTP traffic blocking is quickly becoming an industry standard.  Other ISPs who block port 25 include Bellsouth, Earthlink, Mindspring, Verizon, and MSN.

• Since the implementation of the port 25 blocking procedure, Cox has seen significant decreases in the residential Cox High Speed Internet complaint counts for different abuse types impacted by the port 25 blocking.  Port scanning complaints decreased by 36%, virus complaints by 41%, spam complaints by 52%, and open proxy by more than 78%. 

• Port 25 blocking also helped to control the impact viruses that have polluted the network by preventing their spread via email routing through port 25.   
   

V.  Outgoing Spam FAQs:

1:  Which ports does Cox currently block or filter?  Cox presently blocks Port 25 (both directions except for access to Cox HSI provided mail servers), port 80 (inbound), port 135 (both directions), Ports 136-139 (both directions), Port 445 (both directions), Port 1433 (inbound), Port 1434 (inbound), Port 1900 (both directions) and Port 27374 (both directions).  Information on blocked ports is kept updated on support.cox.com.  

2:  Does Cox block or filter port 25?  Yes, Cox blocks all network traffic from residential customer IP addresses going outbound on port 25 (SMTP) at our routers, unless it is being sent to a Cox HSI SMTP server. 

3:  Does the outbound blocking of port 25 mean that Cox customers have to use their @cox.net email addresses for everything they send?  No.  Customers can use any valid e-mail address, but the email sent from their Cox High Speed Internet connection must be routed through a Cox SMTP server.

4.  What are the correct SMTP server settings to use on the Cox High Speed Internet Service?  Correct SMTP server settings for your location are found here. 

5.  Why does Cox block outgoing mail from use of port 25?  The filter of port 25 drastically reduces the number of spam and virus emails originating from our customers machines.  Cox had to take this action in order to ensure that a few bulk e-mailers or virus disseminators did not result in the entire Cox.net domain being blacklisted by other Internet Service Providers. 

6.  Other ISPs don’t block outbound use of port 25, why does Cox?  Although some ISPs may currently allow the use of third party outgoing mail servers, it is important to note that other providers such as MSN, Earthlink, Mindspring, Verizon, and BellSouth do block outbound use of port 25.  We believe that this is quickly becoming an industry standard among ISPs to help control the volume of outgoing spam and the dissemination of viruses.  As the problem of spam continues to proliferate, we believe that other ISPs will implement this and similar blocks.

7.  How does the filter of port 25 help with the problem of spam?  Typically, when a customer sends an email, it is routed to a cox.net mail server (e.g. smtp.west.cox.net), and the Cox server relays it to the recipient’s server.  Spammers and modern mass mailer viruses commonly bypass the cox.net mail servers.  They send mail directly from their computer to others’ mail servers without routing it through a cox.net mail server.  The filter of port 25 prevents spammers from bypassing cox.net mail servers and delivering spam directly to Internet users.  Also, this filter can prevent some viruses from propagating at all.

8.  Does the filter of port 25 hinder customers’ ability to send email?  The filter of port 25 does not impact the vast majority of Cox customers, only the small percentage of customers who use third party mail servers.  Any software configured to use an SMTP server other than smtp.*.cox.net to deliver email directly to a recipient’s server will not work.  An indication of this problem may be a message similar to this in the customer’s mail client.

A time-out occurred while communicating with the server.  Account:  ‘otheraccount.othersisp.com’, Server: ‘othersmtp.com’, Protocol:  SMTP, Port 25, Secure (SSL):  No, error Number:  0x800CCC19

Customers using third party email services must configure their email clients to use smtp.*.cox.net to send outbound email.  Please remember that operating an email or other server on a residential Cox High Speed Internet connection is a violation of our Acceptable Use Policy found at http://www.cox.com/iNetIncludes/policy/acceptable.asp

9.  Some Cox customers use a laptop at both home and office.  The port 25 filter forces some of these customers to change email settings when checking work email from home.  What is Cox’s solution for this?  Many customers in this situation have been able to use a VPN (virtual private network) connection to access their email without having to change settings.  Another solution may be to use web-based email applications where applicable.  A third option is to simply adjust the setting when working from home; this is typically a one-line entry within the e-mail client on the computer.

10. Does the filter of port 25 affect web-based email services?  No, customers may continue to use Cox High Speed Internet WebMail, or services like HotMail and Yahoo mail as they always have.   

11. Does the filtering of Port 25 outbound affect the receipt of inbound email?  No.  This does not affect retrieval of inbound email from any service.

12: I pay for my own domain name so I can send personal e-mail through that server.  Is Cox blocking this legitimate use?  We understand that some customers have vanity domain names; Cox does not prevent customers from using their personal domain names.  To ensure your ability to send email from your personal domain such that the recipient sees a non-cox.net email address as the “from” or “reply to” address, your mail client must be set to a Cox outgoing mail server.  The domain used in any such address must have an MX record that can be resolved by Cox DNS servers (i.e. mac.com, yourdomain.com). These settings are transparent to email recipients, and will not impact your ability to receive email.  If you have a business requirement to bypass the Cox mail servers, please contact Cox Business Services for additional options.  

13: Does Cox read my mail?  No.  We respect your privacy and do not read any email messages, instant messages, online chats, or the content of other online communications that reside on or pass through our Service. If you would like more detailed information, please review our Privacy Policy that can be found on http://www.cox.com/INETIncludes/Policy/privacy.asp. 

VI.  CAN-Spam Act FAQs:

Q1.  What is the CAN-Spam Act?  The CAN-Spam Act, effective January 1, 2004, preempts all State spam statutes and places a series of requirements on commercial email, “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” 

 The act requires companies that send or initiate commercial email to:

• Refrain from using a misleading subject heading
• Provide in each message a valid return email or Internet-based reply address
• Provide in each message a physical postal address in the text
• Provide a conspicuous notice that it is an advertisement or solicitation
• Include a notice explaining how recipients can prevent the transmission of future messages by using the sender’s return email address or Internet-based reply address and honoring such requests within 10 days
• Refrain from selling or exchanging the email address of any recipient who has made an “opt-out” request

Businesses are permitted to send “transactional or relationship messages to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into.”  This is intended to be a very narrow exception and would include warranty, recall, safety or security information regarding a product previously purchased, periodic account statements and the like.  “Transactional or relationship” messages may also contain content promoting a product or service unrelated to a previous transaction if ancillary to the primary purpose of the communication.

A safe harbor exists for companies that have reasonable compliance practices and make good faith compliance efforts.  The Act also requires the FTC to study the creation of a nationwide “do-not-email” registry similar to its “do-not-call” list.

Q2.  How does the CAN-Spam Act impact Cox High Speed Internet Customers? 
It is widely recognized that government efforts to prevent spam will be difficult.  Early legislation on this issue by various States and other nations has been criticized as being difficult to enforce and police. Many spammers are very crafty in their techniques and are difficult to trace.  Nevertheless, Cox supports federal efforts to establish laws such as the CAN-Spam Act, which includes penalties for spammers.  Cox also looks forward to advent of policing methods and technologies that will see a reduction in unwanted email that is a nuisance to customers and costly to their productivity.  Cox High Speed Internet Customers are already prohibited from sending spam in the CHSI Acceptable Use Policy, which may be viewed at http://www.cox.com/policy/#Acceptable_Use_Policy.