Barracuda Networks Spam Firewall

if URL IP addr is in China then score=100

I beg to differ Eric A. Hall.

...

So contrary to what you said, perhaps I should just Null Route all
email originating from the USA? ;-)

While this is verging off our remit here, I would clarify the point
originally made, which is that if a URL - that is, a URL cited in the
body of a message - points to an IP physically located in China, then
that signals a high probability of the message being spam.

The physical source of the message - which is likely to be in the US
or China - will most probably not be visible to the recipient due to
the use of anonymising proxies and other "zombie" senders - those IPs
are likely to be on "consumer" networks just about anywhere ...

Fair enough, my apologies on my misinterpretation. However, I am
curious what source you have for your statistic. Going through the spam
that I've got access to (and it is a substantial amount albeit not in
the millions of spam per day) I can't seem to associate the spam with
chinese urls, and certainly not to the extent that you indicate (90%).

Cheers,

James

extract hostname from url, dig on hostname, whois on addr, and nine times
out of ten the host is in a CN netblock. that's from the spam that gets
into my mailbox.

let me state AGAIN that what I really want is a plugin that allows for
cidr match-lists so that I can also include the handful of non-enforcing
hosters in Russia, New York, Florida, etc. One responder also suggested
ASN matchlists but I'm not that mad.

Altho this is probably not true if you're one of the billion or so people who
live in or around China or are of Chinese origin..

Steve

Actually mainland chinese non-spammers seem to prefer offshore hosting eg
hk, taiwan, japan or north america.

I guess all the mainland chinese webhosting is all taken up by spam
operators or something.

-Dan

perhaps this all belongs on alt.jingo.weenies? can we focus on
network operations not network exclusionism? this is worse than
spam.

extract hostname from url, dig on hostname, whois on addr, and nine times
out of ten the host is in a CN netblock. that's from the spam that gets
into my mailbox.

Yes I understand that is what you meant. I just did this on 5 spam in
my mail box, I got:

Domain Name: AAFMALE.BIZ (www.aafmale.biz)
Registrant Country: Canada
Resolves to address: 218.232.109.220 (KRNIC-K) (Korea)

Domain Name: PLANENEWS.COM
Registrant Country: France
Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States)

Domain Name: MIRGOS.ORG
Registrant Country: Russia
Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea)

Domain Name: WINSPR.BIZ (iityvzbtpvw.winspr.biz)
Registrant Country: New Zealand
Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China)

While it is only 5 mails, and certainly nothing to judge by, it does not
seem to be 90%. And although Korea is under APNIC, it is not China.

let me state AGAIN that what I really want is a plugin that allows for
cidr match-lists so that I can also include the handful of non-enforcing
hosters in Russia, New York, Florida, etc. One responder also suggested
ASN matchlists but I'm not that mad.

What sort of plugin? MTA? MUA?

Going back to my previous e-mail, all of this effort I think is being
placed in the wrong direction. Focus should be placed on preventing
forgery, and educating users. If we spent the money we are dropping on
hardware and software to stop spam (its in the BILLIONS) on educating
users and pushing anti-forgery / sender authentication/verification
methods forward, we'd have an easier time of all this.

Cheers,

James

just check for charset=US-ASCII first. come to think of it, ASCII would
probably give half the necessary weight alone.


James Couzens wrote:

[domains omitted--tripped my filters]

my last 10 survivors are at http://www.ehsco.com/misc/last-10-spams.eml
the relevant data for them, in order of occurrence, is below.

eight are CN, one is KR, one is Geocities, and one is dead

219.129.20.244
inetnum: 219.128.0.0 - 219.137.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network

[timeout]

221.233.29.78
inetnum: 221.233.0.0 - 221.233.47.255
netname: CHINANET-HB-JZ7
descr: The Chinanet network in Jinzhou ,Hubei province

202.104.242.133
inetnum: 202.104.0.0 - 202.104.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network

221.233.29.33
inetnum: 221.233.0.0 - 221.233.47.255
netname: CHINANET-HB-JZ7
descr: The Chinanet network in Jinzhou ,Hubei province

[dupe host for CN]

219.148.126.47
inetnum: 219.148.0.0 - 219.148.159.255
netname: CHINATELECOM-he
descr: CHINANET hebei province network

66.218.77.68 (geocities, heh)
OrgName: Yahoo!
City: Sunnyvale
StateProv: CA

[dupe host for CN]

[dupe host for CN]

218.152.186.107
inetnum: 218.144.0.0 - 218.159.255.255
netname: KORNET
descr: KOREA TELECOM
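The procedure Eric describes (extract the hostname from each URL in the body, resolve it, check the address against a netblock list) and the CIDR match-list plugin he asks for, plus the charset test suggested later in the thread, pulled together as an added example. This is not code from the thread or from the Barracuda product. The netblocks are the inetnum ranges quoted from whois above; DNS is replaced by a constructed lookup table holding the addresses quoted in the thread so the script runs offline; the CJK charset list, the weights, and the sample messages are assumptions.

```python
"""URL-netblock spam scoring: hostnames from body URLs, resolve, match the
address against a CIDR list, and use the message charset as a second signal."""
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlparse

# Netblocks as whois printed them in the thread: (first, last) inetnum ranges.
# Any other hoster's range (Russian, US, ...) is just another entry here.
MATCH_RANGES = {
    "CN": [
        ("219.128.0.0", "219.137.255.255"),   # CHINANET-GD
        ("221.233.0.0", "221.233.47.255"),    # CHINANET-HB-JZ7
        ("202.104.0.0", "202.104.255.255"),   # CHINANET-GD
        ("219.148.0.0", "219.148.159.255"),   # CHINATELECOM-he
    ],
    "KR": [
        ("218.144.0.0", "218.159.255.255"),   # KORNET
    ],
}

# Constructed stand-in for "dig on hostname" so the example runs offline; the
# addresses are the ones quoted in the thread. Pass socket.gethostbyname as
# the resolver to do real lookups.
FAKE_DNS = {
    "iityvzbtpvw.winspr.biz": "221.233.29.33",
    "www.aafmale.biz": "218.232.109.220",
    "planenews.com": "216.92.194.65",
    "mirgos.org": "211.198.200.208",
}

# Charsets a mainland-Chinese correspondent would normally write in
# (constructed list): a CN-hosted URL in such a message is discounted.
CJK_CHARSETS = {"gb2312", "gbk", "gb18030", "big5", "iso-2022-cn", "hz-gb-2312"}

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"')]+", re.IGNORECASE)


def build_match_list(ranges):
    """Turn inetnum (first, last) pairs into (label, ip_network) entries."""
    out = []
    for label, pairs in ranges.items():
        for first, last in pairs:
            for net in ipaddress.summarize_address_range(
                    ipaddress.ip_address(first), ipaddress.ip_address(last)):
                out.append((label, net))
    return out


MATCH_LIST = build_match_list(MATCH_RANGES)


def hostnames_from_body(text):
    """Extract unique, lower-cased hostnames from http(s):// and www. URLs."""
    hosts = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;")
        if not url.lower().startswith("http"):
            url = "http://" + url
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def lookup_label(ip_str, match_list=MATCH_LIST):
    """Label of the first netblock containing ip_str, or None."""
    ip = ipaddress.ip_address(ip_str)
    for label, net in match_list:
        if ip in net:
            return label
    return None


def score_message(raw, resolver=FAKE_DNS.get, match_list=MATCH_LIST,
                  flag_labels=("CN",), full_weight=100):
    """Score one RFC 822 message; returns (score, hits, charset)."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None:
        return 0, [], None
    text = body.get_content()
    charset = (body.get_content_charset() or "us-ascii").lower()
    hits = []
    for host in hostnames_from_body(text):
        addr = resolver(host)
        if addr is None:
            continue  # dead host / timeout: no evidence either way
        label = lookup_label(addr, match_list)
        if label in flag_labels:
            hits.append((host, addr, label))
    if not hits:
        return 0, hits, charset
    # Flagged URL in a plain-ASCII message: full weight (the score=100 rule);
    # the same URL in a message written in a Chinese charset: half.
    score = full_weight // 2 if charset in CJK_CHARSETS else full_weight
    return score, hits, charset


# Constructed sample messages (not from the thread).
SAMPLE_CN_ASCII = (
    "From: sender@example.test\nTo: you@example.test\nSubject: hi\n"
    'Content-Type: text/plain; charset="us-ascii"\n\n'
    "see http://iityvzbtpvw.winspr.biz/offer and http://dead.example.test/\n"
)
SAMPLE_CN_GB2312 = SAMPLE_CN_ASCII.replace('charset="us-ascii"', 'charset="gb2312"')
SAMPLE_US = SAMPLE_CN_ASCII.replace("iityvzbtpvw.winspr.biz", "planenews.com")

if __name__ == "__main__":
    for name, raw in [("cn/ascii", SAMPLE_CN_ASCII),
                      ("cn/gb2312", SAMPLE_CN_GB2312), ("us", SAMPLE_US)]:
        print(name, score_message(raw))
```

The range-to-CIDR step is what makes the "cidr match-list" cheap to maintain: paste the inetnum line whois gives you, and `summarize_address_range` turns it into the one or two prefixes it actually covers. The resolver is injected so the same scoring code can be tested against a fixed table and then run against real DNS.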

gosh! maybe someone should set up a mailing list to discuss
spam, anti-spam, ...?

you mean they have? well, then maybe a bunch of us network
operators (as opposed to spam weenies) should go over there
and talk about sdh, router configs, circuit provisioning,
etc.

get a clue, spam weenies!

I've got a clue Randy Bush. Last time I checked SPAM has a serious
impact on my network, and the network of others. The topic of SPAM is
exceptionally relative to someone who operates a network. Now enough of
the needless insults and forward with the discussion at hand.

Cheers,

James

Folks, If I may offer a humble opinion here before this gets out of hand.

I see many (me included) trying to side step the issue that SMTP is a broken
and insecure protocol for that of electronic messages(ing). I see folks
blacklisting, RBLing, and other methods in an attempt to fix the issue, which
frankly is a band-aid to the entire mess. We can sit here and do route
statements like
ip route 200.0.0.0 255.0.0.0 127.0.0.1
till we're blue in the face and need a spreadsheet to keep up with the muck,
but it's only a side step to the problem. Until either
1: SMTP/ESMTP is fixed so that spoofing cannot occur
or
2: Another method/protocol of email/messaging is adopted
we are only going to keep spinning our wheels so to speak.

I hate just as much as the rest to pay for the garbage of spam, but until
all the MS and AOL users start using another standard we'll have to keep
band-aiding the problem to keep our customers and jobs. We can all agree it's
a problem, period.

But as always, just my 2¢s

Joe Blanchard

Eric A. Hall wrote:

What's most interesting about the half-dozen accusations of xenophobia
I've received (off-list and on) is that they've almost all come from
foreigners. I promise not to read anything into that. Really.

Could it be perhaps because us foreigners are conditioned by repeated exposure to the xenophobic attitudes of USofA "patriots" ?

Peter

Which is exactly why I've just been on a visit to Beijing and Xi'an.

The differentiator is in the character-set used.
Add that test and the picture is then complete.

Folks, let's stop this thread. We're getting into 'spam is really bad'
comments, which aren't particularly enlightening to the list.

What's most interesting about the half-dozen accusations of xenophobia
I've received (off-list and on) is that they've almost all come from
foreigners. I promise not to read anything into that. Really.

Could it be perhaps because us foreigners are conditioned by repeated
exposure to the xenophobic attitudes of USofA "patriots" ?

shut up or we'll bomb and torture you

resist the cycle of violence and hate

3: We change the economics of spamming in some other fashion. I've been
advocating taking up a collection - every ISP that has an inbound spam problem
kicks in just $100 - if there's 4,000 ISPs in the US (including all those
mom&pop sites with E-bay routers), that's a pretty chunk of change. We then
hire a few representatives from <choose ethnic organized crime> to "explain our
point of view" to a few of the aforementioned 200 big offenders...

Unfortunately, there's these concepts of "legality" and "morality" involved... :-)

Different people get different spam, from different sources.

For years I was under the impression that spammers must be
blasting everybody, so everybody would get similar spam.

I was surprised to find out that this isn't the case...

Rik