Re: Attacking the throwaway-domain problem

wayne writes:
> I'm not sure that DNSBLs are that much worse today than they have been
> in the past.  Granted, criminal DDoS attacks have killed several of
> them and caused SPEWS to be relocated from osirusoft.  Personally, I
> take this as an indication of desperation by spammers and a sign that
> DNSBLs *do* work.
DNSBLs *do* work -- but with a very high rate of false positives.

> Spammer created email worms that turn machines into open proxies has
> also caused a flood of new IP addresses, but there was also a time
> when new ways of tricking old MTAs into becoming open relays would
> also create a flood of new IP addresses to block.  The problem with
> these new open proxies will most likely have to be solved by the
> efforts of ISPs.  Still, it appears that the open proxy DNSBLs are
> catching the IPs soon after they are used.
And proxy-listing BLs also work -- but they miss a lot of proxies,
because the new trojan-dropped open proxy servers are not
as easy to find (they use semi-random port allocation).  Portscanning
every machine in a network range is still considered abuse,
so for the "good guys" to find these machines is still hard.

--j.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

pgprdSIVFlRuV.pgp
Description: PGP signature