Anti-spam System Idea

william(at)elan.net william at elan.net
Sun Feb 15 06:25:31 UTC 2004


On Sat, 14 Feb 2004 jlewis at lewis.org wrote:

> 
> On Sat, 14 Feb 2004, Tim Thorpe wrote:
> 
> > If these exist then why are we still having problems? 
> 
> Because the spammers are creating proxies faster than any of the anti-spam
> people can find them.  Evidence suggests, at least on the order of 10,000
> new spam proxies are created and used every day by spackers 
> (spammer/hackers).

Add to that (or part of that number) is that many DSL and cable providers 
use DHCP to assign ip addresses for short period of time to their customers. 
Typically whenever system is reset a new ip would be assigned and a few of 
the zombie viruses being installed on the user system causes it to become
unstable (especially if its trying to send email and can not and keeps 
retrying after the ip is on blacklist) and those users begin to reboot the 
computer trying to get it to work properly resulting in those computers 
getting new ip addresses which would again be outside of blacklist

> > Why do we let customers who have been infected flood the networks with
> > traffic as they do? Should they not also be responsible for the security
> > of their computers? Do we not do enough to educate?
Just completely blocking access to those users seems an overly agressive
punishment (which actually caused quite a few angry users who left their
dsl provider). Some providers deal with this by blocking port25 or redirecting
it their own smtp server - some even do it onj their networks for all 
customers no matter if they got any reports or not (as preventative measure).
While there are many techs who don't like this practice it does seem that 
this solution effectively removes the PC from  being used as source of 
spam even if it becomes a zombie.

-- 
William Leibzon
Elan Networks
william at elan.net




More information about the NANOG mailing list