In <[log in to unmask]> [log in to unmask] writes: > At 07:00 PM 11/18/98 -0500, you wrote: > > > >On the other hand, many mail servers nowadays (including ours) do insist > >(if the option is enabled on the server) that any mail message contain only > >valid domains in any of the addresses. Besides the obvious reason that many > >spammers like to make up "from: user@internet" or some such garbage, if the > >message contains an invalid return address (from or reply-to) a reply to that > >message isn't going to be possible anyway. > > > > But, Oh, Chris, you were one of the people I've been tryig to reach, and > your mean ol' nasty mail serer is the one that says my return address is > unacceptable! Hate to do this in public, but there's no other way! Hmmmm... ;-) Well, mail servers don't get much nastier than ours. ;-) As it turns out, we just implemented a new anti-spam feature (which is being tested on our systems) which caught you. FWIW it has nothing to do with your e-mail address; it has to do with your ISP. This is gonna look alot like a plug, so <plug>: There are three (big name) dynamic anti-spam services on the Internet today that allow mail servers (like ours... and the latest sendmail uses some of these!) to dynamically check the IP address mail is coming from, and refuse anything coming from "problem" domains. These three services are: MAPS: Mail-Abuse Prevention System. Run mostly by ISPs, it filters only the addresses of repeat/unresponsive spammers or ISPs that host them and don't do anything about them (or are too incompetent to). Sendmail and even most major ISPs adhere to/utilize this list. ORBS: Online Realtime Blacklist Service: These guys provide a dynamic list (mostly from lists provided to them by ISPs) of the IP addresses of DIAL-UP ports. Since dial-up users should not be directly sending mail to an SMTP server (as is done by most spamware programs today), this automatically allows hosts to refuse mail coming from dialups (legit mail - other than from a service's OWN pop users - always comes from a 'real' mail server). Many ISPs use this list as well; as long as they make custom concessions to allow their legitimate POP clients to access their server. [NetMail has such custom checks built in] Dorkslayers: Here's the killer. As most of you that get spammed nowadays (and that try to trace them down) discover; a majority of the mass-spamming occurring nowadays is relayed through innocent (or incompetently admin- istered) mail servers. Dorkslayers is a dynamic list that tests any mail server someone tells it about -via a web form- and if it discovers that this mail server will relay anyones mail (i.e. spam) it gets added to their 'blacklist'. All servers on the list are automatically re-tested regularly, and admins on the blacklisted servers are notified. Usually servers only get submitted by someone after they have been used to spam someone... though they'll test any machine submitted. (They DON'T test systems unless someone submits them). Anyway Tony, your ISP is blacklisted by Dorkslayers. 11/17/98 10:28:36 Host: 208.159.126.154 address excluded by Dorkslayers servi 11/17/98 10:28:55 Host: (208.159.126.154) "PM05SM.PMM.CW.NET" From: "Tony Fur vall <[log in to unmask]>" SPAM intercepted for "[log in to unmask]" You seem to be a cable and wireless victi...er... customer. C&W is having lots of trouble and not being very responsive to spam complaints. If I were *you* I'd call them and ask why their server(s) are blacklisted and what they're doing to recover their customers' connectivity. Lots of services and sites use Dorkslayers, so you're gonna have lots of other problems. Anyway, the next release of NetMail/3000 supports (in addition to the spam filters we already had integrated) dynamic selection of any (or all) of the MAPS, ORBS/DUL, and Dorkslayers services. Dorkslayers has caught a few (like Tony) but sure catches alot of real SPAM. As a dynamic service, it's the quickest to 'react' to spammers and since it automatically re-tests blacklisted machines (and admins can have their servers checked on demand when they fix their problems) so it's also the most current service. As Tony noticed though, they take no prisoners; admins running misconfigured mail servers need to take notice that the rest of the 'net isn't going to keep being subjected to junk that should have been prevented by due diligence. FWIW; my daily spam ingestion has dropped to less than half of what it was before the dynamic filters were added. -Chris (remove nospam...if you dare?) Bartram