nanog mailing list archives

Re: Despamming wholesale dialup


From: "Scott Gifford" <sgifford () tir com>
Date: Thu, 29 Oct 1998 17:33:11 -0500

To address this I have proposed installing filters that will only allow
these folks to connect to port 25 of the ISP that has bought the ports.
This way they are not able to relay off of anyone else's machine.


The problem is for companies like ours that live by selling mail accounts
to users of other ISPs. They need POP and SMTP access to our mail servers,
from wherever they are calling. We are running sendmail v8.9.1 with all the
anti-relay stuff and RBL besides. The problem you have is the same one we
have for secured SMTP, maybe easier. How do you tell the site is secure? In
this case testing for open relays is well known.

What I really suggest, and this takes some work on your part, is to contact
the site's admin and inform them of their open-relay status. If they won't
close the relay, block them. Alternatively, you can assume that if they
haven't gotten their relays closed by now they are too clueless to do so
and block them immediately, with notification.


  The problem is when the spam-bastard isn't relaying.  We've been getting
thousands of messages every week from spammers who buy dialup from various
places, then connect directly to the destination mail server to deliver the
mail.  That's what this prevents.  I don't know of any other method that
does.

  An interesting answer to the problem you discussed above was suggested by
somebody from the EFF at a spam BOF at USENIX this summer.  He suggested
that by default, you filter on port 25.  But if somebody needs access for
legitimate reasons, or even if they don't, have a letter they can fill out,
sign, and send in which states that they will not send spam, subject to a
$500/message penalty.  Then if they do, just bill them.

  An alternative for you would be to run a mail server on a different
port...

-------Scott.
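
The default port 25 filter for dialup ports discussed in this message, together with the signed-letter exemption, sketched as an nftables ruleset for the router in front of the dialup pool. This is an added example, not part of the original post; the addresses are documentation ranges used as placeholders, the set and chain names are hypothetical, and exempting customers by static address is an assumption.

```nft
#!/usr/sbin/nft -f
# Added example. All addresses below are constructed placeholders (RFC 5737).
table ip dialup_smtp {
    # Address pool assigned to the wholesale dialup ports (assumed).
    set dialup_pool {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    # Mail servers of the ISP that bought the ports (assumed).
    set isp_mail {
        type ipv4_addr
        elements = { 192.0.2.25 }
    }

    # Customers exempted after returning the signed no-spam letter.
    # Assumes they are given static addresses inside the pool.
    set exempt_customers {
        type ipv4_addr
        elements = { 198.51.100.77 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only SMTP from the dialup pool is policed. A mail server
        # listening on a different port is not affected by this rule.
        ip saddr @dialup_pool tcp dport 25 jump smtp_policy
    }

    chain smtp_policy {
        # Delivery to the ISP's own mail servers is always allowed.
        ip daddr @isp_mail accept

        # Exempted customers may reach any mail server on port 25.
        ip saddr @exempt_customers accept

        # Everything else is relay attempts or direct-to-destination
        # delivery. Log a sample for abuse handling, then drop.
        limit rate 10/minute log prefix "dialup-smtp-drop "
        counter drop
    }
}
```

The counter on the final rule gives a running total of blocked connection attempts, and the rate-limited log lines identify which dialup addresses are generating them.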


