nanog mailing list archives
Re: ISP wants to stop outgoing web based spam
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Wed, 9 Aug 2006 23:00:32 +0300 (IDT)
On Wed, 9 Aug 2006, Ken Simpson wrote: Typical SMTP headers of http based spam:
Received: from pmx2.montclair.edu (smtp-in.montclair.edu [130.68.1.65]) by broadway.montclair.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0J3Q0067VUMZAF () broadway montclair edu> for x; Wed, 09 Aug 2006 14:42:35 -0400 (EDT) Received: from pmx2.montclair.edu (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 032883F01 for <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT) Received: from tw4.telgua.com.gt (tw3.telgua.com.gt [216.230.128.5]) by pmx2.montclair.edu (Postfix) with ESMTP id 8F6993F03 for <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT) Received: from intelnet.net.gt (unknown [10.160.3.1]) by tw4.telgua.com.gt (Tumbleweed MailGate) with ESMTP id 72D1748A5C673; Wed, 09 Aug 2006 13:42:51 -0500 (CDT) Received: from [10.160.3.30] (Forwarded-For: [xx.56.145.19]) by messaging.telgua.com.gt (mshttpd); Wed, 09 Aug 2006 12:39:46 -0700
The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs.
Basically, the state of blocking outgoing spam hasn't progressed in the past 4 years. Bummer.
Hank Nussbacher http://www.interall.co.il
I thought it was pretty clear that he was talking about e-mail spam submitted using HTTP to webmail services like hotmail, yahoo and gmail:I guess I'm still a little confused about the poster's original request. It sounds like he is interested in stopping his own users from spamming via web-based email services such as Gmail and Hotmail, or via insecure forms. That can be accomplished hypothetically by filtering HTTP requests and looking for spam in POSTs; although with the proliferation os AJAX-style interfaces in these services, figuring out which POSTs refer to a message submission is far more difficult than it was in the good old Web 1.0 days. Regards, Ken -- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com -- Suite 203, 910 Richards St. Vancouver, BC, V6B 3C1, Canada Direct: +1-604-729-1741 +++++++++++++++++++++++++++++++++++++++++++ This Mail Was Scanned By Mail-seCure System at the Tel-Aviv University CC.
Current thread:
- Re: ISP wants to stop outgoing web based spam, (continued)
- Re: ISP wants to stop outgoing web based spam David Andersen (Aug 09)
- RE: ISP wants to stop outgoing web based spam Hank Nussbacher (Aug 09)
- Re: ISP wants to stop outgoing web based spam Matthew Black (Aug 09)
- Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 09)
- Re: ISP wants to stop outgoing web based spam Gregory Kuhn (Aug 09)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
- Re: ISP wants to stop outgoing web based spam Simon Waters (Aug 10)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 10)
- Re: ISP wants to stop outgoing web based spam Matthew Black (Aug 09)
- Re: ISP wants to stop outgoing web based spam Joe Abley (Aug 09)
- Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 09)
- Re: ISP wants to stop outgoing web based spam Hank Nussbacher (Aug 09)
- Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
- Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
- Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
- Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 10)
- Re: ISP wants to stop outgoing web based spam Barry Shein (Aug 10)
- Re: ISP wants to stop outgoing web based spam Peter Corlett (Aug 11)
- Re: ISP wants to stop outgoing web based spam Valdis . Kletnieks (Aug 11)