In <[log in to unmask]> [log in to unmask] writes:
> At 07:00 PM 11/18/98 -0500, you wrote:
> >
> >On the other hand, many mail servers nowadays (including ours) do insist
> >(if the option is enabled on the server) that any mail message contain only
> >valid domains in any of the addresses. Besides the obvious reason that many
> >spammers like to make up "from: user@internet" or some such garbage, if the
> >message contains an invalid return address (from or reply-to) a reply to that
> >message isn't going to be possible anyway.
> >
>
> But, Oh, Chris, you were one of the people I've been tryig to reach, and
> your mean ol' nasty mail serer is the one that says my return address is
> unacceptable! Hate to do this in public, but there's no other way!
Hmmmm... ;-)
Well, mail servers don't get much nastier than ours. ;-)
As it turns out, we just implemented a new anti-spam feature (which is being
tested on our systems) which caught you. FWIW it has nothing to do with your
e-mail address; it has to do with your ISP.
This is gonna look alot like a plug, so <plug>:
There are three (big name) dynamic anti-spam services on the Internet today
that allow mail servers (like ours... and the latest sendmail uses some of
these!) to dynamically check the IP address mail is coming from, and refuse
anything coming from "problem" domains. These three services are:
MAPS: Mail-Abuse Prevention System. Run mostly by ISPs, it filters only the
addresses of repeat/unresponsive spammers or ISPs that host them and
don't do anything about them (or are too incompetent to). Sendmail
and even most major ISPs adhere to/utilize this list.
ORBS: Online Realtime Blacklist Service: These guys provide a dynamic list
(mostly from lists provided to them by ISPs) of the IP addresses of
DIAL-UP ports. Since dial-up users should not be directly sending mail
to an SMTP server (as is done by most spamware programs today), this
automatically allows hosts to refuse mail coming from dialups (legit
mail - other than from a service's OWN pop users - always comes from a
'real' mail server). Many ISPs use this list as well; as long as they
make custom concessions to allow their legitimate POP clients to access
their server. [NetMail has such custom checks built in]
Dorkslayers: Here's the killer. As most of you that get spammed nowadays (and
that try to trace them down) discover; a majority of the mass-spamming
occurring nowadays is relayed through innocent (or incompetently admin-
istered) mail servers. Dorkslayers is a dynamic list that tests any
mail server someone tells it about -via a web form- and if it discovers
that this mail server will relay anyones mail (i.e. spam) it gets added
to their 'blacklist'. All servers on the list are automatically re-tested
regularly, and admins on the blacklisted servers are notified. Usually
servers only get submitted by someone after they have been used to spam
someone... though they'll test any machine submitted. (They DON'T test
systems unless someone submits them).
Anyway Tony, your ISP is blacklisted by Dorkslayers.
11/17/98 10:28:36 Host: 208.159.126.154 address excluded by Dorkslayers servi
11/17/98 10:28:55 Host: (208.159.126.154) "PM05SM.PMM.CW.NET" From: "Tony Fur
vall <[log in to unmask]>" SPAM intercepted for "[log in to unmask]"
You seem to be a cable and wireless victi...er... customer. C&W is having lots
of trouble and not being very responsive to spam complaints. If I were *you*
I'd call them and ask why their server(s) are blacklisted and what they're
doing to recover their customers' connectivity. Lots of services and sites
use Dorkslayers, so you're gonna have lots of other problems.
Anyway, the next release of NetMail/3000 supports (in addition to the spam
filters we already had integrated) dynamic selection of any (or all) of the
MAPS, ORBS/DUL, and Dorkslayers services.
Dorkslayers has caught a few (like Tony) but sure catches alot of real
SPAM. As a dynamic service, it's the quickest to 'react' to spammers and
since it automatically re-tests blacklisted machines (and admins can have
their servers checked on demand when they fix their problems) so it's also
the most current service. As Tony noticed though, they take no prisoners;
admins running misconfigured mail servers need to take notice that the rest
of the 'net isn't going to keep being subjected to junk that should have been
prevented by due diligence.
FWIW; my daily spam ingestion has dropped to less than half of what it was
before the dynamic filters were added.
-Chris (remove nospam...if you dare?) Bartram
|