SORBS?!

William Herrin bill at herrin.us
Fri Apr 6 13:40:32 CDT 2012


On Fri, Apr 6, 2012 at 1:01 PM, Drew Weaver <drew.weaver at thenap.com> wrote:
> So you're suggesting that hosting companies do what?

I believe I'm suggesting you use SORBS as your canary in the coal mine
and otherwise ignore them.

But if you're asking what hosting companies could do to proactively
prevent spamming and make their systems inhospitable to spammers, I
might start with blocking non-local outbound TCP 25 by default. Then
have the customer fill out and sign a form. Spell out your bulk email
policies, have the customer specify which of their IPs will originate
email and have them send the form to you signed via U.S. Mail.  No
"proof" or other major hoops, just sign and mail the form.

Unless you're *trying* to run a "bulletproof hosting" system, you'll
find the customers who intentionally spam would prefer to stay under
the radar. Forcing them to "out" themselves by telling you they intend
to send mail from every one of their addresses is often enough to
encourage their voluntary departure. And it's certainly enough to tell
you *which* among your thousands of customers you should watch to make
sure they're not spammers.

For the non-spamming customers, you've emphasized that running a well
secured email server is a challenge which takes more than clicking
install.exe. You haven't told them they can't, but you've spelled out
"be careful" in big, bold letters.


> And I'm mostly just complaining about senderbase, because they seem to be the one that really large companies reference.

Meh. If you catch them while they're still just annoying SORBS,
they'll never make it in to senderbase. Canary. Coal mine.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the NANOG mailing list