How do you stop outgoing spam?

Barry Shein bzs at world.std.com
Tue Sep 10 19:26:15 UTC 2002



Point of information:

Can you really distinguish all this intentionality vs. the spammer
just changing which relay to rape? Perhaps because the raped relay was
shut down or secured when the owner found out what was going on?

Or the spammer just switching relays to rape for no specific reason
other than they seem to "go bad" after a few hours so use one for a
while (perhaps a batch of addresses to spam) and then switch to the
next in the list?


On September 10, 2002 at 09:12 JOE at OREGON.UOREGON.EDU (Joe St Sauver) wrote:
 > Actually, our experience *does* follow the backoff paradigm: if you block a 
 > particular source of spam, that rejection *does* seem to trigger "message
 > volume" backoff at the source, with only periodic check probes apparently 
 > designed to see if the spam source is really still blocked (and of course 
 > it really still is). 
 > 
 > Now it is true that in many cases the spammer *will* do a set of probes in an 
 > effort to see just how broad a given block is (e.g., is it just a /32 that's 
 > being blocked? is it my entire netblock? is it a domain based filter? can I 
 > slide in via an open SMTP relay or an abusable proxy server?), but at least 
 > here at the U of O, we're NOT seeing spammers waste their time attempting 
 > delivery of hundreds or thousands of messages per day via hosts that have 
 > been identified and filtered. 
 > 
 > Regards,
 > 
 > Joe

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*



More information about the NANOG mailing list