Spammers Skirt IP Authentication Attempts

• Previous message (by thread): Spammers Skirt IP Authentication Attempts
• Next message (by thread): Spammers Skirt IP Authentication Attempts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 8 Sep 2004, Ricardo "Rick" Gonzalez wrote:

Ricardo,

I *do* stop spam within my domain of control.  I terminate spammers as I 
find them.  In the event a customer appears spammish in his entirety, I 
kill them.  In the event spam originates from a single ip, or a single 
customer-hosted domain name, I give the customer the chance to clean up 
the mess and get it off our network.  Bonus points are of course added if 
the customer is willing to prove their innocence by pointing the domain 
somewhere bad (like 127.0.0.1), instead of moving it off to be a landing 
site elsewhere.

There *are* of course instances where machines are compromised, or 
clueless people install old versions of formmail (which is continually 
compromised in new ways), and I get those abuse reports as well, and tend 
to them as well.

On occasion it's taken longer than necessary to kill spammers for a couple 
of interesting legal reasons I'm not at liberty to discuss in this forum, 
but I keep us clean enough that we're not on any of the major blacklists.

All this, however, is secondary to my real reason for even replying to 
your mail at all.

I'd like to applaud you personally for taking a list that I'm posting to 
with my personal email address, and dragging my job into it (there's a 
separation, there).  It shows a level of maturity I'd reserve for the 
frag-server customers we host.

This topic is still getting older, further off topic, and further and 
further away from the spirit of the list.

-Dan Mahoney


> Dan:
>
> SPF, SpamAssassin, and other measures are all steps in the right
> direction in making spam less of a problem than it is today.  I
> applaud you for taking part in their respective forums.
>
> What you fail to realize is that spam is a problem best stopped within
> your domain of control.  According to Google, it appears as though you
> have a problem with terminating spamming customers, in accordiance
> with your own AUP:
>
> http://groups.google.com/groups?q=ezzi+spam&hl=en&lr=&ie=UTF-8&sa=N&scoring=d
>
> What I found more alarming were this the double standards set forth by
> this post:
>
> http://groups.google.com/groups?q=&hl=en&lr=&ie=UTF-8&selm=5a29bb5.0202260613.3addb4ce%40posting.google.com&rnum=2
>
> I'm sorry, but you aren't entitled to anything.  If you'd like to be
> removed from the DNSBL's, you need to remove your offending customers.
> You can't just say "these customers are spammers, block them, don't
> block anyone else" and keep collecting a check from them at the end of
> the month.
>
> "A los tontos no les dura el dinero."
>
> ---Ricardo
>
> On Wed, 8 Sep 2004 07:46:30 -0400 (EDT), Dan Mahoney, System Admin
> <danm at prime.gushi.org> wrote:
>>
>> On Wed, 8 Sep 2004, vijay gill wrote:
>>
>> And randomgibberish.comcast.net will still be in all the dynamic
>> blacklists.
>>
>> I'm subscribed to both the SpamAssassin list, and this one.
>>
>> This is getting seriously off-topic.
>>
>> If you like SPF, embrace it.  If not, don't.
>>
>> This may very well be one of the things that time will tell on, much like
>> open relays, which were considered harmless, or things like telnet, which
>> used to be a complete standard, and now, my *remote reboot* units come SSH
>> capable.  Spamassassin and other spam control technologies are choosing
>> to.  It's ONE PIECE of a very large solution.  It's a solution to domain
>> forging, not to spam.  (nothing in this paragraph is anything new to this
>> list in the past week).
>>
>> Can we please get on with our lives?
>>
>> Thanks
>>
>> -Dan Mahoney
>>
>>
>>
>>>
>>> On Wed, Sep 08, 2004 at 11:54:32AM +0100, Paul Jakma wrote:
>>>>
>>>> Except that, SPF records are as easy to setup for a spammer, as for
>>>> you and I. If the above is a spammer, then SPF for foobar.com will
>>>> list randomgibberish.comcast.net as an authorised sender.
>>>>
>>>> SPF will absolutely not have any effect on spam.
>>>
>>> But if instead of foobar.com, it is vix.com or citibank.com, then their
>>> SPF records will not point at randomgibberish.comcast.net as an
>>> authorized sender. That means that if I do get a mail purporting to be
>>> from citi from randomgibberish, I can junk it without hesitation.
>>>
>>> /vijay
>>>
>>
>> --
>>
>> "It's three o'clock in the morning.  It's too late for 'oops'.  After
>> Locate Updates, don't even go there."
>>
>> -Paul Baecker
>>   January 3, 2k
>>   Indeed, sometime after 3AM
>>
>>
>>
>> --------Dan Mahoney--------
>> Techie,  Sysadmin,  WebGeek
>> Gushi on efnet/undernet IRC
>> ICQ: 13735144   AIM: LarpGM
>> Site:  http://www.gushi.org
>> ---------------------------
>>
>>
>

--

"...Somebody fed you sugar.  Shit!"

--Tracy, after noticing Gatorade on my desk.

Ezzi Computers, October 18th 2003
Approx 11PM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

• Previous message (by thread): Spammers Skirt IP Authentication Attempts
• Next message (by thread): Spammers Skirt IP Authentication Attempts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]