New IANA IPv4 allocation to AfriNIC (41/8)

Richard Cox Richard at mandarin.com
Wed Apr 13 22:22:30 UTC 2005


On Wed, 13 Apr 2005 20:38:44 UTC "Steve Meuse" <smeuse at gmail.com> wrote:

> On 4/13/05, John Palmer <nanog at adns.net> wrote:
>> Thank you for that information. I can leave 41/8 in my router bogon
>> list and hopefully eliminate the Nigerian 419 problem somewhat.
>
> Personally, I believe we should give them the chance to fail before we
> cut them off from the rest of the world. I don't think the majority of
> 419 email comes from addresses actually sourced in Nigeria.

The largest part (>90%) does originate in Nigeria.  The remainder comes
from countries adjacent to Nigeria such as Togo, Senegal, etc. (~6%) or
from the Netherlands (~4%).

Unfortunately, the traffic originating in Nigeria comes out on satellite
connections which have established IP ranges assigned to the Satellite
operator and configured as part of his ASN.  In other words, they will
mostly match the location of the Satellite downlink - UK, Denmark, or
Israel etc.  Typically less than 10% of the traffic from Nigeria uses
IPs assigned on the basis of the network actually being in Nigeria.

The 419 scammers are so used now to port 25 on their own IP addresses
being blocked (either by their own ISP or by the recipient network)
that they have all but given up on direct mailing.  Their main methods
are to send through Webmail on a network that doesn't take subscription
security sufficiently seriously (Tiscali, Microsoft Hotmail, etc) or to
use a compromised server such as one running PHPNuke webmail.

Leaving 41/8 as a bogon, or otherwise filtering it, will make less than
1% overall difference in the volume of 419-style spam that you receive.
Just for completeness, the "lottery" style scams, which are another form
of Advance Fee Fraud, also originate in Nigeria even though they may
claim to be from people in the UK or in other parts of the EEC.

Just to keep this on topic I will relate the tale of a systems engineer
who I called, to point out the volume of 419 mail coming through their
mailservers.  "I can't look at that now", he said, "the current load on
our smarthosts is so high that the mail is backing up - and I have to
get this proposal for four new servers finished for the Board tonight"

Then it suddenly dawned on him why his mail load had become so high ...

-- 
Richard Cox


