Firewall Wizards mailing list archives

Re: regarding spam...

From: Rick Murphy <rmurphy () mitretek org>
Date: Tue, 02 Apr 2002 07:51:48 -0500

At 04:22 PM 4/1/2002 -0800, Crispin Cowan wrote:

What WOULD hurt the spammers is a spam filter designed to be deployed asan EGRESS filter for large domains. I get an obnoxious amount of spam fromthe same domains time and time again. Some of them are free webmailservers (hotmail.com, yahoo.com, mail.com, etc.) while others are obscureAsian ISPs (263.net comes to mind). The clear pattern that emerges is:


I'll bet you get almost *no* spam from hotmail or yahoo.

What you get is lots of spam forging hotmail, yahoo, msn, etc. I fix thatby using a smtp proxy (derived from MJR's smap, but heavily enhanced) thatmaintains a list of frequently spoofed domains. Anything in that list isrejected if the envelope from address isn't delivered from a host in thecorresponding domain. If someone forges a bogus hotmail.com address fromtheir cable modem, It's rejected.In combination with a few DNSBLs and spamassasin I'm pretty effective atrejecting spam.

If there was a product that such large providers could deploy at theirgateway that filtered *outgoing* mail, and the only thing it did was tobounce a copy of suspected outgoing spam back to the senders inbox, then aspammer's inbox would fill to bursting almost immediately, and theprovider could lock out their account from sending any more mail until theissue was resolved.
Throw-away yahoo/hotmail/mail.com accounts would be a lot less costeffective if they could only send 10 spams each before they locked out.

Unless something is blatantly obvious (i.e. it contains a reference to"S.1618" or "Section 301", or says "This is not spam") you're going to havea hard time categorizing something as spam within 10 messages. Indeed, inmy experience the major e-mail providers (hotmail, yahoo, aol) are prettygood at controlling their spammers. They rate limit, quickly nuke spammers,and really aren't much of a problem. The troubles really come from networkproviders that don't take action against spammers. You solve those bycomplaining early and often - make the NSPs take action, which costs themmoney - that'll get them to think twice before taking on a spammer.

        -Rick

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: regarding spam..., (continued)
- - Re: regarding spam... John Adams (Mar 31)
- RE: regarding spam... Kalat, Andrew (ISS Atlanta) (Apr 01)
  - Re: regarding spam... Crispin Cowan (Apr 01)
    - RE: regarding spam... Bill Royds (Apr 02)
    - Re: regarding spam... Thorkild Stray (Apr 02)
    - Re: regarding spam... R. DuFresne (Apr 02)
    - Re: regarding spam... R. DuFresne (Apr 02)
    - Re: regarding spam... Adam Shostack (Apr 03)
    - Re: regarding spam... Ryan Russell (Apr 03)
    - Re: regarding spam... Adam Shostack (Apr 03)
    - Re: regarding spam... Rick Murphy (Apr 02)
    - Re: Re: regarding spam... Andrew Fremantle (Apr 03)
    - Re: regarding spam... Mikael Olsson (Apr 03)
  - RE: regarding spam... Jeff Brown (Apr 02)
- RE: regarding spam... Kalat, Andrew (ISS Atlanta) (Apr 02)
  - Re: regarding spam... Crispin Cowan (Apr 03)
  - RE: regarding spam... Rama Kant (Apr 03)
- Re: regarding spam... fwwiz (Apr 03)
- Re: regarding spam... Echo OnLine Administration (K.H) (Apr 03)