Matthew Kaufman wrote:

Original message <9608221609.AA21172@wisdom.home.vix.com>
From: Paul A Vixie <paul@vix.com>
Date: Aug 22, 9:09
Subject: Re: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! *** (fwd)
> > Even if I wanted to do this, I don't think I could take the performance
> > hit running an access list that large on my incoming ports would create.
> Thus the beauty of a Null0 route. The initial SYN from their spam maker
> gets through to your SMTP server, but the initial ACK goes into the hole
> rather than back out to their spam maker. It costs you a TCP PCB for a
> short while on the SMTP server, but there are never enough packets to make
> this expensive. And no spam gets through. Try it, you'll like it.
>-- End of excerpt from Paul A Vixie

Our mail server regularly gets stuck with a full listen queue due to
occasional cases of one-way routing out on the net,... deliberately
introducing this would kill it. Consider, for instance, that the spammer
is probably sending mail to dozens of accounts on your system, and each
attempt will generate multiple SYN's, and each one of those wastes a slot
for several minutes. Even if you've cranked it up from the default of 5,
you'll be hosed for hours.

Of course, I suspect that any evidence that multiple providers were filtering
mail based on some agreed-upon list would land all of them in court, though
I'm not a lawyer.

I'd have thought the people likely to take you to court would be your
customers - for not letting people from particular sites send them
email (this assumes that your contract actually guarantees any
conncectivity to the Internet of course, and I get the impression
many Internet service contracts read mostly like disclaimers. :slight_smile: ).

Imagine, for a minute, that some spammer discovers that one of YOUR unix
boxes can be used to forward mail for them, some weekend when you're out
of town,... and your IP address gets blacklisted. How soon would you call
your lawyer to help you recover from what could be a total loss of business?

I like the application level rejection thing - tying rejections to
domain names means that you only have to worry about the "what" and "who"
not the "where from", which is handy given how easy it is to a) claim to
have a From address that is not yours, and b) bounce mail through
different mail relays with the <user%domain@relay-domain> or
<@relay-domain,@other-relay-domain:user@domain> hacks.

Unfortunately your backup MXs can still accept the mail before it
gets rejected by your mail machine, but it shouldn't be too tricky for
them to stop accepting mail for *@somedomain addressed to you with the
same app. level filtering.

MAIL FROM:<user@interramp.com>
252 Sorry, we don't accept mail from Interramp due to continued "spamming"

-matthew kaufman