improved NANOG filtering
rob at invaluement.com
Mon Oct 26 23:37:00 UTC 2015
On 10/26/2015 5:15 PM, Patrick W. Gilmore wrote:
> And the first person who says “who has seen $URL” or similar in a message gets bounced, then bitches about “operational nature” of NANOG.
> I think it is probably not a great idea to add things like URI checkers to NANOG. We can bitch & moan about people supposed to modify it to hxxp or whatever, but reality is people like to copy/paste and this is not unreasonable on NANOG.
That is a good point. Personally, I think whole spam samples should be
linked to a pastebin post. and individual references to a spammer's
domain or ip should have a space inserted before each dot. What can be
frustrating when this isn't done ... is that discussions about spam can
intermittently get filtered on the client side, sometimes by active
participants in a thread... and inconsistently. which is frustrating...
and which is why everyone OUGHT to use such tactics when providing spam
samples or when discussing spammy IPs or domains.
But you're correct. Filtering on the server side of lists is not as
simple as it sounds due to the risk of mistakenly blocking legit
messages in a discussion about spam.
Still, it may not be as problematic as you think to deploy such
measures. When the sender gets a rejection notice, they often figure out
what happened and resend with the spam obfuscated, fwiw. If someone
complains, tell them that they should have known to obfuscate the spam
(or spammy domain or IP), or post the spam sample to pastebin
As least, that is my suggestion. But I know there isn't an easy answer
More information about the NANOG