funsec mailing list archives

Re: 95% of User Generated Content is spam or malicious


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 15 Feb 2010 11:46:14 -0500

On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
> Threatstop users running the default TS blocklists on their firewalls
> before the anti-spam systems see, typically, 15% to 25% reduction in
> average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
> what it is without ThreatSTOP.

<chuckle> I'm waaaay past that.  I've cut down the number of incoming
connections by about 90% via judicious use of the DROP list, country
blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections
are blocked except those originating in North America (less those on
the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes
progressively less sense to spend ever-increasing resources to
sustain it.  But judicious study of inbound/outbound mail traffic
is very necessary before trying something like this.  (Then again:
how could any postmaster possibly know how well they're doing unless
they measure it?  Sadly, very, very few actually do.)

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
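
The measurement step the message calls for, as an added example that is not part of the original post: a dry run that replays logged SMTP connections against candidate firewall blocks and reports both the traffic reduction and any accepted mail that would have been dropped. The log format, the verdict field and the CIDR ranges (documentation addresses) are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed candidate blocklist (documentation ranges standing in for
# DROP-list or country-block CIDRs loaded from a file).
CANDIDATE_BLOCKS = ["198.51.100.0/24", "203.0.113.0/25"]

# Constructed log in a simplified format: "<client-ip> <verdict>", where the
# verdict is what the existing anti-spam system decided for that connection.
SAMPLE_LOG = """\
198.51.100.7 rejected
198.51.100.7 rejected
198.51.100.93 rejected
203.0.113.5 rejected
203.0.113.5 rejected
203.0.113.20 accepted
203.0.113.200 rejected
192.0.2.10 accepted
192.0.2.10 accepted
192.0.2.44 rejected
"""

def dry_run(log_text, cidrs):
    """Replay logged connections against candidate blocks; nothing is blocked."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    stats = Counter()
    collateral = Counter()  # accepted mail each block would have dropped
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        stats["total"] += 1
        hit = next((n for n in nets if ip in n), None)
        if hit is None:
            continue
        stats["would_block"] += 1
        if parts[1] == "accepted":
            stats["would_block_accepted"] += 1
            collateral[str(hit)] += 1
    total = stats["total"]
    stats["reduction_pct"] = round(100 * stats["would_block"] / total) if total else 0
    return dict(stats), dict(collateral)

if __name__ == "__main__":
    summary, collateral = dry_run(SAMPLE_LOG, CANDIDATE_BLOCKS)
    print(summary)
    print("accepted mail lost per block:", collateral)
```

A non-empty collateral count for a block is the signal to study that range's senders before it goes into the firewall.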

