improved NANOG filtering

Rob McEwen rob at
Mon Oct 26 23:37:00 UTC 2015

On 10/26/2015 5:15 PM, Patrick W. Gilmore wrote:
> And the first person who says “who has seen $URL” or similar in a message gets bounced, then bitches about “operational nature” of NANOG.
> I think it is probably not a great idea to add things like URI checkers to NANOG. We can bitch & moan about people supposed to modify it to hxxp or whatever, but reality is people like to copy/paste and this is not unreasonable on NANOG.

That is a good point. Personally, I think whole spam samples should be 
linked to a pastebin post. and individual references to a spammer's 
domain or ip should have a space inserted before each dot. What can be 
frustrating when this isn't done ... is that discussions about spam can 
intermittently get filtered on the client side, sometimes by active 
participants in a thread... and inconsistently. which is frustrating... 
and which is why everyone OUGHT to use such tactics when providing spam 
samples or when discussing spammy IPs or domains.

But you're correct. Filtering on the server side of lists is not as 
simple as it sounds due to the risk of mistakenly blocking legit 
messages in a discussion about spam.

Still, it may not be as problematic as you think to deploy such 
measures. When the sender gets a rejection notice, they often figure out 
what happened and resend with the spam obfuscated, fwiw. If someone 
complains, tell them that they should have known to obfuscate the spam 
(or spammy domain or IP), or post the spam sample to pastebin

As least, that is my suggestion. But I know there isn't an easy answer 
to this.

Rob McEwen

More information about the NANOG mailing list