ietf

RE: namedroppers, continued

2003-01-07 16:09:26
Doug wrote:
...
After examining the headers of many of the spam advertisements 
I get and trying to contact the administrator of the network 
it came from I find that it is usually futile because the 
network doesn't exist and the IP information is incorrect. I 
also find that most use false sender and reply address 
information (in an attempt to keep recipients from filtering 
them). This makes it hard (at least for me) to do anything 
about them. I have experimented with filters for subject 
wording but this unfortunately hits on some of my wanted 
email as well. This reduces my ability to block them on 
the receiving end. Even if I could it doesn't help the net 
congestion they cause or do anything about the processing 
time it is using across the net. These things lead me to 
propose that a more global solution needs to be implemented. 
The problem here is that when you bring this up for 
discussion in a professional environment like this one people 
don't want to discuss it. Instead they consider it a problem 
that has no solution and just want to forget about it.

An approach that is more effective than scanning for content is to
simply block connections from the last hop in the SMTP chain before
yours. This kills both direct spammers as well as open relays. The list
can be long (mine is ~ 256 /24's for a private little mailer), but that
is a tradeoff against how much space you want to block at a time. On
several occasions I have considered putting in 61/8, 200/6, & 210/7,
because that would remove 3/4 of the list, but that also creates a
guilt-by-association for people with no control over their address space
or those who are abusing it. 

While this approach avoids having the content traverse the wire, some of
the machines are tenacious, as yesterday's log shows. 
http://www.tndh.net/~tony/ietf/2003-01-05-log.txt

Tony
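
The trade-off described in the message above, as an added example that is not part of the original post: it checks a connecting SMTP peer against a list of /24s, then shows what replacing entries with 61/8, 200/6 and 210/7 does to list length and to unlisted neighbours. The /24 entries are constructed sample data, and the names `is_blocked` and `aggregate` are hypothetical.

```python
import ipaddress

# Constructed sample blocklist of /24s (illustrative, not from the linked log).
BLOCKED_24S = [
    "61.10.5.0/24", "61.200.17.0/24", "200.45.1.0/24", "202.9.8.0/24",
    "210.3.3.0/24", "211.100.50.0/24", "12.34.56.0/24", "66.7.8.0/24",
]
# The broad prefixes the message mentions: 61/8, 200/6 and 210/7.
BROAD = ["61.0.0.0/8", "200.0.0.0/6", "210.0.0.0/7"]


def is_blocked(peer_ip, networks):
    """True if the connecting SMTP peer (the last hop) is inside a listed network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def aggregate(blocked, broad):
    """Swap listed /24s for the broad prefix covering them; report the cost."""
    blocked_nets = [ipaddress.ip_network(b) for b in blocked]
    report = {}
    new_list = [str(n) for n in blocked_nets
                if not any(n.subnet_of(ipaddress.ip_network(b)) for b in broad)]
    for b in broad:
        net = ipaddress.ip_network(b)
        listed = sum(1 for n in blocked_nets if n.subnet_of(net))
        if listed:
            new_list.append(b)
        # /24s swept into the block that were never on the list.
        report[b] = {"listed": listed,
                     "collateral_24s": 2 ** (24 - net.prefixlen) - listed}
    return new_list, report


if __name__ == "__main__":
    new_list, report = aggregate(BLOCKED_24S, BROAD)
    print(len(BLOCKED_24S), "entries ->", len(new_list))
    for prefix, cost in report.items():
        print(prefix, cost)
    # A neighbour that was never listed is refused only after aggregation.
    print(is_blocked("61.1.1.1", BLOCKED_24S), is_blocked("61.1.1.1", new_list))
```

The `collateral_24s` figure is the guilt-by-association cost: address space refused without ever having appeared in the log.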