HP3000-L Archives

November 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Chris Bartram <[log in to unmask]>
Date: Thu, 19 Nov 1998 12:59:40 -0500

 In <[log in to unmask]> [log in to unmask] writes:

> At 07:00 PM 11/18/98 -0500, you wrote:
> >
> >On the other hand, many mail servers nowadays (including ours) do insist
> >(if the option is enabled on the server) that any mail message contain only
> >valid domains in any of the addresses. Besides the obvious reason that many
> >spammers like to make up "from: user@internet" or some such garbage, if the
> >message contains an invalid return address (from or reply-to) a reply to that
> >message isn't going to be possible anyway.
> >
>
> But, Oh, Chris, you were one of the people I've been trying to reach, and
> your mean ol' nasty mail server is the one that says my return address is
> unacceptable! Hate to do this in public, but there's no other way!

Hmmmm... ;-)

Well, mail servers don't get much nastier than ours. ;-)

As it turns out, we just implemented a new anti-spam feature (which is being
tested on our systems) which caught you. FWIW it has nothing to do with your
e-mail address; it has to do with your ISP.

This is gonna look a lot like a plug, so <plug>:

There are three (big name) dynamic anti-spam services on the Internet today
that allow mail servers (like ours... and the latest sendmail uses some of
these!) to dynamically check the IP address mail is coming from, and refuse
anything coming from "problem" domains. These three services are:

MAPS: Mail-Abuse Prevention System. Run mostly by ISPs, it filters only the
     addresses of repeat/unresponsive spammers or ISPs that host them and
     don't do anything about them (or are too incompetent to). Sendmail
     and even most major ISPs adhere to/utilize this list.

ORBS: Online Realtime Blacklist Service: These guys provide a dynamic list
     (mostly from lists provided to them by ISPs) of the IP addresses of
     DIAL-UP ports. Since dial-up users should not be directly sending mail
     to an SMTP server (as is done by most spamware programs today), this
     automatically allows hosts to refuse mail coming from dialups (legit
     mail - other than from a service's OWN pop users - always comes from a
     'real' mail server). Many ISPs use this list as well; as long as they
     make custom concessions to allow their legitimate POP clients to access
     their server. [NetMail has such custom checks built in]

Dorkslayers: Here's the killer. As most of you that get spammed nowadays (and
     that try to trace them down) discover; a majority of the mass-spamming
     occurring nowadays is relayed through innocent (or incompetently
     administered) mail servers. Dorkslayers is a dynamic list that tests any
     mail server someone tells it about -via a web form- and if it discovers
     that this mail server will relay anyone's mail (i.e. spam) it gets added
     to their 'blacklist'. All servers on the list are automatically re-tested
     regularly, and admins on the blacklisted servers are notified. Usually
     servers only get submitted by someone after they have been used to spam
     someone... though they'll test any machine submitted. (They DON'T test
     systems unless someone submits them).

Anyway Tony, your ISP is blacklisted by Dorkslayers.

11/17/98 10:28:36  Host: 208.159.126.154 address excluded by Dorkslayers servi
11/17/98 10:28:55  Host: (208.159.126.154) "PM05SM.PMM.CW.NET" From: "Tony Fur
vall <[log in to unmask]>" SPAM intercepted for "[log in to unmask]"

You seem to be a cable and wireless victi...er... customer. C&W is having lots
of trouble and not being very responsive to spam complaints. If I were *you*
I'd call them and ask why their server(s) are blacklisted and what they're
doing to recover their customers' connectivity. Lots of services and sites
use Dorkslayers, so you're gonna have lots of other problems.

Anyway, the next release of NetMail/3000 supports (in addition to the spam
filters we already had integrated) dynamic selection of any (or all) of the
MAPS, ORBS/DUL, and Dorkslayers services.

Dorkslayers has caught a few (like Tony) but sure catches a lot of real
SPAM. As a dynamic service, it's the quickest to 'react' to spammers and
since it automatically re-tests blacklisted machines (and admins can have
their servers checked on demand when they fix their problems) so it's also
the most current service. As Tony noticed though, they take no prisoners;
admins running misconfigured mail servers need to take notice that the rest
of the 'net isn't going to keep being subjected to junk that should have been
prevented by due diligence.

FWIW; my daily spam ingestion has dropped to less than half of what it was
     before the dynamic filters were added.

            -Chris (remove nospam...if you dare?) Bartram
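
[Added example, not part of the original message and not NetMail/3000 code: a sketch of the connect-time check described above, with a selectable set of lists and a concession for the server's own POP clients. It assumes the lists are queried over DNS with the reversed-octet convention; the zone names, the local client range and the zone data are constructed placeholders.]

```python
import ipaddress
import socket

# Hypothetical zone names; a real deployment uses the zones its list operators publish.
SERVICES = {
    "relay-list": "relays.dnsbl.example",
    "dialup-list": "dialups.dnsbl.example",
}
# Assumed range of the server's own POP clients, exempt from the list checks.
LOCAL_CLIENTS = [ipaddress.ip_network("192.0.2.0/24")]


def query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_lookup(name):
    """Return the A record for name, or None if it does not resolve.

    A lookup failure is treated as "not listed", so a list outage fails open.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_sender(ip, enabled, resolve=dns_lookup):
    """Return (accept, reason) for a connecting SMTP client address."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in LOCAL_CLIENTS):
        return True, "local client"
    for service in enabled:
        answer = resolve(query_name(ip, SERVICES[service]))
        # A listed host resolves to an address in 127.0.0.0/8.
        if answer and answer.startswith("127."):
            return False, f"address excluded by {service}"
    return True, "not listed"


# Constructed zone data standing in for live DNS so the example runs offline.
FAKE_ZONE = {
    "10.100.51.198.relays.dnsbl.example": "127.0.0.2",
    "7.2.0.192.dialups.dnsbl.example": "127.0.0.3",
}

if __name__ == "__main__":
    for ip in ("198.51.100.10", "192.0.2.7", "203.0.113.5"):
        print(ip, check_sender(ip, ["relay-list", "dialup-list"], FAKE_ZONE.get))
```

Passing only some service names in `enabled` models the "any (or all)" selection; the local-client test runs first so a listed dial-up range never blocks the server's own users.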
