
Re: spam on this list


From: Greg A. Woods
Subject: Re: spam on this list
Date: Mon, 4 Mar 2002 15:40:23 -0500 (EST)

[ On Monday, March 4, 2002 at 14:39:02 (-0500), Eric Siegerman wrote: ]
> Subject: Re: spam on this list
>
> Whether the sender's host is an open relay is far from a perfect
> heuristic for identifying spam -- and whether the
> open-relay-tracking projects identify it as such is less perfect
> yet.

Well, while all e-mail from an open relay isn't automatically UCE, all
open relays are eventually conduits for at least some UCE.

It really is not a good idea to allow your mail server to participate in
the theft of service attacks perpetrated by spammers on open relays.
This should be even more important for mailing lists since they amplify
the effects of a spammer's illegal activities.

The only way to avoid being a party to such a theft of service attack is
to actively block all e-mail from all known open relays, all of the time.

There is absolutely no reason for anyone to run an open relay and
there's absolutely no reason anyone need accept any e-mail from a proven
open relay -- if the users of such a vulnerable mailer wish to send
e-mail then they should pressure their administrator(s) to secure it.

The problem is that most operators of open relays do not know they are
vulnerable to theft of service attacks.  Actively blocking all of their
e-mail is a very effective, safe, and secure way of letting them know
immediately of their problems.

The excuses given by the GNU.ORG postmaster(s) are lame and irrelevant
to the very real problems of SMTP theft of service attacks that continue
to grow in frequency and costs to us all every day.

>  In the last 50 spam messages I've received from info-cvs,
> only 22 of them have had X-RBL-Warning headers.  (And some
> non-spam *has* had them, though I'm not sure how recently that
> happened.)

Yeah -- there's the rub.  ORDB is far from perfect itself, and not all
were relayed with theft of service attacks.  Almost all were listed in
one of the other widely used black lists though.  I use the following
DNS blacklists myself (honouring only the specified A RR values though):


        :dev.null.dk; 127/8\
        :dnsbl.njabl.org; 127.0.0.2, 127.0.0.3\
        :spamsources.fabel.dk; 127.0.0.2\
        :relays.osirusoft.com; 127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5, 127.0.0.6, 127.0.0.7, 127.0.0.8\
        :relays.ordb.org; 127/8\
        :inputs.orbz.org; 127/8\
        :outputs.orbz.org; 127/8\
        :orbs.dorkslayers.com; 127.0.0.2\
        :blackholes.five-ten-sg.com; 127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5\
        :blackholes.2mbit.com; 127.0.0.2\
        :bl.spamcop.net; 127.0.0.2\
        :blackholes.wirehub.net; 127.0.0.2\
        :dynablock.wirehub.net; 127.0.0.2\
        :blacklist.spambag.net; 127.0.0.2\

Lots of info about DNS blacklists can be found here:

        http://www.declude.com/junkmail/support/ip4r.htm

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <address@hidden>;  <address@hidden>;  <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>
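
Added example, not part of the original message and not the mailer's own code: a Python sketch of "honouring only the specified A RR values" for a DNS blacklist list in the form quoted above. It assumes `127/8` is shorthand for 127.0.0.0/8, builds query names with the usual reversed-octet DNSBL convention, and replaces real DNS lookups with a constructed table (`FAKE_DNS`, `fake_lookup` and the other function names are hypothetical).

```python
import ipaddress

# Three entries copied from the list in the message, same "zone; values" form.
SPEC = r"""
        :relays.ordb.org; 127/8\
        :dnsbl.njabl.org; 127.0.0.2, 127.0.0.3\
        :bl.spamcop.net; 127.0.0.2\
"""

def to_network(value):
    """Assumption: '127/8' means 127.0.0.0/8; a bare address is a /32."""
    addr, _, prefix = value.strip().partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (prefix or "32"))

def parse_spec(text):
    """Return {zone: [networks]} for each ':zone; value, value\\' line."""
    zones = {}
    for line in text.splitlines():
        line = line.strip().rstrip("\\").lstrip(":")
        if line:
            zone, _, values = line.partition(";")
            zones[zone.strip()] = [to_network(v) for v in values.split(",")]
    return zones

def query_name(client_ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the zone name."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def matching_zones(client_ip, zones, lookup):
    """Zones whose answer contains an A record inside the honoured values."""
    hits = []
    for zone, allowed in zones.items():
        answers = [ipaddress.ip_address(a) for a in lookup(query_name(client_ip, zone))]
        if any(a in net for a in answers for net in allowed):
            hits.append(zone)
    return hits

# Constructed answers standing in for real DNS lookups (192.0.2.25 is a
# documentation address); a missing name models NXDOMAIN, i.e. not listed.
FAKE_DNS = {
    "25.2.0.192.relays.ordb.org": ["127.0.0.2"],
    "25.2.0.192.dnsbl.njabl.org": ["127.0.0.9"],  # listed, but value not honoured
}

def fake_lookup(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    print(matching_zones("192.0.2.25", parse_spec(SPEC), fake_lookup))
```

The second constructed answer shows why the value filter matters: the zone returns a record, but 127.0.0.9 is outside the honoured set, so that listing alone does not cause a rejection.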


