Time to check the rate limits on your mail servers
Raymond Dijkxhoorn
raymond at prolocation.net
Thu Feb 3 15:08:49 UTC 2005
Hi!
>> CNET reports
>> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
>> that botnets are now routing their mail traffic through the local
>> ISP's mail servers rather than trying their own port 25
>> connections.
> Both on ASRG and here on NANOG, many of us said many times, and most of the
> times people called me crazy;
>
> 1. Block port 25 for dynamic ranges - that will kill the current strain of
> worms.
> 2. It won't solve spam, and neither will SPF or anything else of the sort, as
> when you have 100K zombies, you don't need to act a server, you can use the
> real credentials for the user, and even if limited to a 1000 messages, that
> times 100K drones is...
Did you actially read the article? This was about drones sending out via
its ISP mailserver. Blocking outbound 25 doesnt help a bit here. In
general sure, good ide, and also start using submission for example. But
in this contect its silly.
Bye,
Raymond.
More information about the NANOG
mailing list