Who Are The Good Guys?

• Previous message (by thread): ISP tutorial in Tampa
• Next message (by thread): Who Are The Good Guys?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

	In the war against spam, its getting harder to figure out who
	the good guys are.  Last weekend, we had an incident where a server
	called pure.fiber.net was relaying thousands of spam messages off
	one of our mail servers.  While we have filters in place to block
	the obvious spammers (cyberpromo and others), we don't learn about
	new ones until they cross the line (or we get them from Paul's
	site at http://www.vix.com/spam -- thanks Paul!).

	Unfortunately, fiber.net is a 9 to 5, Monday thru Friday operation
	with no weekend or evening NOC.  This made things difficult for us
	at 2 am on a Saturday night trying to get their attention.  Because
	fiber.net was not known as a spammer, we did not want to unilaterally
	block them off until we could talk to them when they opened on Monday
	morning, so we wrote some bash scripts and ran them against our mail
	queue every three minutes to kill messages with specific attributes
	relating to the spam.

	On Monday, we talked with their technical contact and he said that
	someone on their server must have been misbehaving, but that they
	would look into it.  Today I reviewed my logs and not only did it not
	stop, but they started ANOTHER spam off our mail servers.  When one
	of our engineers called them this afternoon, they said they were
	innocent because someone was using them as a relay -- nice try, but
	if they were a relay, we should not have seen any messages other
	than those destined for addresses on our network.  Instead, we got
	the entire spam feed.  They even went so far as to insert forged
	Received headers into the messages to try and throw us off.

	The spammers played us as chumps.  Fine -- now I have filters in
	my backbone routers for 204.250.13/24 and 204.250.192/19, and mail
	filters for *.fiber.net just in case they manage to get another IP
	block.  Grrrrr.  The bottom line is that you cant tell the good guys
	from the bad guys anymore.  There are ISPs that support spammers and
	then lie about it when they get caught.  Even though I detest the 
	fact that AGIS supports cyberpromo, at least they have the guts to
	tell it the way it is.

	As an aside, today we got a message in our marketing box asking 
	"Do you support spammers?" -- unbelievable.  The poster was looking
	for an ISP that would allow him to post 500 to 1000 spam messages
	each day.  I sent him a form letter telling him "no" and outlining
	why spam is a Bad Idea(tm).  It is obvious the spammers are getting
	much more aggresive and may even be compiling lists of spammer
	friendly ISPs.  Its not just getting worse -- its getting weird.

	Dave Stoddard
	US Net Incorporated
	301-572-5926
	dgs at us.net

• Previous message (by thread): ISP tutorial in Tampa
• Next message (by thread): Who Are The Good Guys?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]