nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attack of the Killer Spam

From: Eric Osborne <osborne () notcom com>
Date: Tue, 30 Dec 1997 20:17:41 -0500 (EST)

NANOG folk:

Over the past few weeks, I have noticed an influx of SPAM(tm) transmitted by
UUNet dynamic IP dial-up users (read: MSN, Earthlink, GTE, etc.) and relayed
using Earthlink SMTP relays.  Am I turning senile prematurely, or has anyone
else noticed this influx?


Yeah, I've seen some of it.



Also, how easy would it be for Earthlink and other nationwide "ISP's" (or
more accurately, UU/PSI resellers) to do the following?  This would not stop
SPAM(tm) dead in its tracks, but I figure it would make it easier to hold
spammers accountable at least... unless, of course, they use throw-away
accounts, in which case there is not much that can be done...

- institute anti-spam rules on their SMTP relays, i.e. only relay mail
reporting to be from earthlink.net and the virtual domains they host


Um..I think "the virtual domains they host" may be the tricky bit.  
I don't know how UU/PSI do their mail serving, but if Earthlink has its d/u
customers point to a UU/PSI relay for SMTP delivery, there's the matter of
keeping everyone's records up to date.

OTOH, if Earthlink (or whomever - Earthlink is just an example, here) points 
its customers towards something like mail.earthlink.net for SMTP relay, see
below....



- only allow SMTP relaying from IP's assigned to *their customers*
dynamically (cross-reference Radius logs?)


Good idea, although I think it may have some negative impacts on performance.
Again, there's also the matter of keeping everyone's records in sync.
mail.earthlink.net seems to have some basic relay filters in place, although
I'm not sure what their complete ruleset is.

Take a look at somebody like Xcom (hi, marty!) - www.xcom.net.  I'm not 
affiliated with them in any way, but it looks like what they do may be useful.
A Layer 2 approach means that you can assign only _your own_ IPs to dialin
customers, which cuts out the aforementioned Radius cross-reference.


Constructive feedback would be greatly appreciated!  Together, we CAN make a
difference.

Regards,
Adam





eric
Previous By Date Next
Previous By Thread Next

Current thread: