Time to check the rate limits on your mail servers

Gadi Evron ge at linuxbox.org
Thu Feb 3 14:47:25 UTC 2005


Michael.Dillon at radianz.com wrote:
> CNET reports 
> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
> that botnets are now routing their mail traffic through the local
> ISP's mail servers rather than trying their own port 25
> connections. 

Both on ASRG and here on NANOG, many of us said many times, and most of 
the times people called me crazy;

1. Block port 25 for dynamic ranges - that will kill the current strain 
of worms.
2. It won't solve spam, and neither will SPF or anything else of the 
sort, as when you have 100K zombies, you don't need to act a server, you 
can use the real credentials for the user, and even if limited to a 1000 
messages, that times 100K drones is...

The issue is numbers, and how to reduce them, not stop the tide.

Currently there is a discussion of this on Spam-Research [1], quite 
interesting.

	Gadi.

1 - Spam-Research archives: 
https://linuxbox.org/cgi-bin/mailman/listinfo/spam



More information about the NANOG mailing list