At 03:09 PM 3/15/2003 -0500, you wrote:
I'm not denying that these are good ideas. And they probably go more
towards hurting spammers than things like filtering--which the spammers
never see. As a tool that aids in driving spammers off-shore and to fixed
locations, they seem good. And like most things--that makes them a part
of a solution, not the solution itself (I know, you weren't claming that.)
All the best results I know of from relay spam honeypots have been offshore
systems (280 million, 220 million, Moscow.) There is _nowhere_ for the
spammers to escape, if they use abuse to send their spam. The better the
domain is for them in terms of having abusable systems the better it is to
set up a fake in that domain. Some of us self-nominate ourselves to open
relay blocklists - many spammers look there to find open relays. The
overall goal (for me) is for there to be no reliable list anywhere of open
relays the spammers can safely abuse. That would mean that any list would
be unsafe for them to use, and "unsafe" means riddled with fake
entries. Block me, I don't mind - I don't send anything anyway. I just
run sinks for relay messages (plus occasionally deliver a relay test to a
spammer.)
There are very good relay spam honeypots from US systems - those are also
quite useful.
Fixed locations are the bread-and-butter of blocklists.
Yes - part of the solution. And don't lose sight of the fact that the
top-level management of many domains can handle the illicit traffic to
ports that are abused - the action taken does not have to be at the
individual IP level. While it is at the individual level home operators
can be significant fighters against spam. Or managers in university
departments - that's what I was when i started.
I'm still just trapping crud from 210.85.168.26 but others might get better
stuff. It would probably different if I delivered the relay tests - I
captured one from axis.software.powerinternetcr.com [216.25.173.15] on my
home system today. Nice rap sheet: http://openrbl.org/ip/216/25/173/15.htm
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg