Home page logo
/

nanog logo nanog mailing list archives

RE: Stealth Blocking
From: Roeland Meyer <rmeyer () mhsc com>
Date: Wed, 23 May 2001 16:51:06 -0700


From: David Schwartz [mailto:davids () webmaster com]
Sent: Wednesday, May 23, 2001 4:18 PM

I'm getting seriously confused here. I thought that the
open-relay issue was irelevent to MAPS.

      No.

I hate to be pendantic here, but from your own email and what other sources
have told me, this is inaccurate. MAPS does NOT do pre-emptive open-relay
testing. I consider this to be a very important distinction. If I thought
this was the case, I would stop using MAPS five minutes ago.

That MAPS only black-holed confirmed SPAM
sites (a little
tougher, but more granular, charter).

      Yes, but open relays can easily become confirmed SPAM 
sites. All that has
to happen is one spammer chooses to use that particular open relay.

That is orthogonal to the point.

      I hope this qualifies as clarification.

This was actually the type of post that was muddying the waters quite
severely. So no, it does not qualify as clarification. From other sources,
and what I originally knew to be true, if MAPS blocks an open-relay, it is
entirely incidental to the fact that it was a PROVEN spam origination point.
Open relays that are NOT used by spammers never make it into MAPS. Ergo, a
site's open-relay status is irrelevent to MAPS.

I'm only interested in spanking spammers, not innocents, at any clue level.
In the PURE war, one ONLY shoots confirmed bad-guys and has ZERO collateral
damage.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]