Attack of the Killer Spam
Wayne D. Correia
wayne at domain.net
Wed Dec 31 01:10:18 UTC 1997
At 4:42 PM -0800 12/30/97, Adam Rothschild wrote:
>NANOG folk:
>
>Over the past few weeks, I have noticed an influx of SPAM(tm) transmitted by
>UUNet dynamic IP dial-up users (read: MSN, Earthlink, GTE, etc.) and relayed
>using Earthlink SMTP relays. Am I turning senile prematurely, or has anyone
>else noticed this influx?
>
>Also, how easy would it be for Earthlink and other nationwide "ISP's" (or
>more accurately, UU/PSI resellers) to do the following? This would not stop
>SPAM(tm) dead in its tracks, but I figure it would make it easier to hold
>spammers accountable at least... unless, of course, they use throw-away
>accounts, in which case there is not much that can be done...
>
>- institute anti-spam rules on their SMTP relays, i.e. only relay mail
>reporting to be from earthlink.net and the virtual domains they host
>
>- only allow SMTP relaying from IP's assigned to *their customers*
>dynamically (cross-reference Radius logs?)
>
>Constructive feedback would be greatly appreciated! Together, we CAN make a
>difference.
>
>Regards,
>Adam
We require all of our cutomers' users to authenticate themselves, i.e.,
their current IP address with us via a POP connection before they're
allowed to use our SMTP servers. Once a successful POP login has been
completed, that "authorization" is good for 30 minutes.
Because we've done this, our service has been 100% free from unauthorized
relaying while at the same time keeping our relays totally open for our
customers' customers no matter where they've connecting. This was
essential for us to implement because we're a mail service provider for
Internet service providers, all of our direct customers are ISPs, and we
have no control over the networks that those ISPs' users come in from.
--
Wayne D. Correia Critical Path Inc. tel: +1-415-543-2800
CTO 320 First Street fax: +1-415-543-2830
San Francisco, CA 94105 pcs: +1-415-826-6000
"we handle the world's email" http://www.criticalpath.net
More information about the NANOG
mailing list