nanog mailing list archives

Re: what to do about joe-jobs?

From: Justin Shore <listuser () numbnuts net>
Date: Wed, 24 Sep 2003 14:07:23 -0500 (CDT)


On Wed, 24 Sep 2003, Stephen J. Wilcox wrote:

The one that they're doing on my own domain which I mentioned on list some 
months ago is still going strong with many Mbs of bounces per day.. I think its 
fair to say there is very little you can do as tracking the source is almost 
impossible..


That depends on how detailed the bounce is, to an extent.  Many of the
bounces actually contain a complete copy of the message that generated the
bounce.  Ie, the full spam and nothing but the spam.  From that you can
find the original source IP.  Of course that source IP may very well be an
open proxy.  You're screwed if that's the case.  However since you have a
complete copy of the spam you can still follow the money trail.  Spammers 
have to get their money somehow.  The actual spam will give you many 
places to start.  Of course once you have that you still have to convince 
a provider to take action against their customer.

Justin

Current thread:

RE: Another DNS blacklist is taken down, (continued)
- - - RE: Another DNS blacklist is taken down Patrick (Sep 24)
    - RE: Another DNS blacklist is taken down Vadim Antonov (Sep 24)
    - RE: Another DNS blacklist is taken down Christopher Bird (Sep 24)
- what to do about joe-jobs?, was: Re: Another DNS... David Raistrick (Sep 24)
  - Re: what to do about joe-jobs?, was: Re: Another DNS... David Raistrick (Sep 24)
  - Re: what to do about joe-jobs? Stephen L Johnson (Sep 24)
    - Re: what to do about joe-jobs? Valdis . Kletnieks (Sep 24)
    - Re: what to do about joe-jobs? Mike Leber (Sep 25)
    - Re: what to do about joe-jobs? Justin Shore (Sep 24)
    - Re: what to do about joe-jobs? Stephen J. Wilcox (Sep 24)
    - Re: what to do about joe-jobs? Justin Shore (Sep 24)
    - Re: what to do about joe-jobs? Kee Hinckley (Sep 24)
    - Re: what to do about joe-jobs? Justin Shore (Sep 24)
    - Re: what to do about joe-jobs? David Raistrick (Sep 24)
    - Re: what to do about joe-jobs? Stephen L Johnson (Sep 24)
    - Blacklisting: obvious P2P app neal rauhauser (Sep 24)
    - RE: Blacklisting: obvious P2P app David Schwartz (Sep 24)
    - RE: Blacklisting: obvious P2P app Vadim Antonov (Sep 24)
    - Re: Blacklisting: obvious P2P app Damian Gerow (Sep 24)
- RE: Another DNS blacklist is taken down Joel Perez (Sep 24)
  - RE: Another DNS blacklist is taken down Justin Shore (Sep 24)

(Thread continues...)