ietf-asrg
[Top] [All Lists]

Re: [Asrg] Spam is a security problem

2003-03-15 13:51:53
At 03:09 PM 3/15/2003 -0500, you wrote:

I'm not denying that these are good ideas. And they probably go more towards hurting spammers than things like filtering--which the spammers never see. As a tool that aids in driving spammers off-shore and to fixed locations, they seem good. And like most things--that makes them a part of a solution, not the solution itself (I know, you weren't claming that.)

All the best results I know of from relay spam honeypots have been offshore systems (280 million, 220 million, Moscow.) There is _nowhere_ for the spammers to escape, if they use abuse to send their spam. The better the domain is for them in terms of having abusable systems the better it is to set up a fake in that domain. Some of us self-nominate ourselves to open relay blocklists - many spammers look there to find open relays. The overall goal (for me) is for there to be no reliable list anywhere of open relays the spammers can safely abuse. That would mean that any list would be unsafe for them to use, and "unsafe" means riddled with fake entries. Block me, I don't mind - I don't send anything anyway. I just run sinks for relay messages (plus occasionally deliver a relay test to a spammer.)

There are very good relay spam honeypots from US systems - those are also quite useful.

Fixed locations are the bread-and-butter of blocklists.

Yes - part of the solution. And don't lose sight of the fact that the top-level management of many domains can handle the illicit traffic to ports that are abused - the action taken does not have to be at the individual IP level. While it is at the individual level home operators can be significant fighters against spam. Or managers in university departments - that's what I was when i started.

I'm still just trapping crud from 210.85.168.26 but others might get better stuff. It would probably different if I delivered the relay tests - I captured one from axis.software.powerinternetcr.com [216.25.173.15] on my home system today. Nice rap sheet: http://openrbl.org/ip/216/25/173/15.htm

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg