Spam Control Considered Harmful

Dalvenjah FoxFire dalvenjah at dal.net
Wed Oct 29 23:12:46 UTC 1997


Cal Thixton - President - ThoughtPort Authority of Chicago put this into my mailbox:
> 
> 

> 	In an effort to research from where we get spammed, we get a
> daily report (see below) of the sites that spammed us, who they were
> trying to spam and from where they came from.  The most frequent
> pattern we are seeing are spams from simple dialup PPP accounts
> purchased all across the country; AT&T, UUNET, SWBell, BellSouth,
> etc... I know where they came from and yet knowing that does not
> help.  We cannot block all of UUNET just because some ppp customer
> used our servers to spam.

This has been my experience too.

Is there a good reason why the throwway folks (those mentioned above)
haven't blocked port 25 from their dialups to the outside internet?

It seems that this would help stop the hijacking of other SMTP relays
that occurs, and limit abuse to that ISP's own servers, where it can
be better controlled.

The only reason I can think of that would stop this would be if a
user subscribes to earthlink, but uses a UUnet dialin, that customer's
software would be set up to use the Earthlink SMTP servers.

Keep in mind again I don't yet know much about how this would impact
router performance..but wouldn't one be able to set up access-lists,
then, that would allow port-25 connections to a defined list of SMTP
servers (say, UUnet, MSN, and earthlink SMTP servers), and prohibit
everything else?

Why aren't they doing this?

I've currently blocked all of UUnet and PSInet from my mail server -
spam about dropped in half. But I'm still getting spam through
what appear to be unsuspecting relays - and the source is one of those
dialup, throwaway accounts.

-dalvenjah

--
 Dalvenjah FoxFire (aka Sven Nielsen)  "It brought me a Mr. Potato Head,
 Founder, the DALnet IRC Network       Scully. It knew that I wanted a
                                       Mr. Potato Head!"

 e-mail: dalvenjah at dal.net             WWW: http://www.dal.net/~dalvenjah/
 whois: SN90                           Try DALnet! http://www.dal.net/



More information about the NANOG mailing list