Response from Cyber Promotions (fwd)

> Read the msg below from Cyberpromo. It is valid for ISPs to block at the
> router level as well as the sendmail level as per Cyberpromo's mail. I
> figured some people here may be interested in this.
>
> Hank Nussbacher
>

This will not work if you have an off-site MX or you have an off-site MX
that doesn't have the same packet filtering rules that you do.

It will time out to the first MX, and deliver to the next. If that next MX
is off-site, it will be delivered there and you will just get the spam
via that route..

It's best done with sendmail rules, I suppose.

jamie g.k. rishaw <jamie@iagnet.net> - Internet Access Group [www.iagnet.net]
  - Cleveland-Pittsburgh-Detroit-Columbus-Akron-Toledo-Cincinnatti-Dayton -
Corp: (800) 637 4IAG / (216) 623 3565. DID: (216) 902 5455. FAX (216) 623 3566.
Personal: jamie@@arpa.com || jamie@@null.net (Remove second @, nonspammers) =)

But most of the bulk spammer programs out there don't follow MX
records. They blast directly into the sendmail port of the primary
machine, and if they can't do that, they leave it at that and move
on.. Blocking spam sites directly at the sendmail level (with
tcp_wrappers), does effectively block out bad domains.

You sure about not following MX'? There is a machine, 'isi.net', but it
doesn't accept mail, and there's an MX pointing to out real mail machine,
yet we constantly get spam

Otherwise everyone would've used this trick to avoid spam

Some of the sendmail rules listed at http://spam.abuse.net/spam/, like the
one that forces the MAIL FROM line to actually resolve, would probably
block a lot of spam, too. But I was wondering if this requires the
address to have an A record, or will an MX suffice; I know lots of people
that send as "user@domain.com" where domain.com is an MX only... I'm just
not familiar enough with sendmail rules to know how it works

If Cyberpromo were really trying to *cough* help, they would set all the
reply-to's in the spams to "abuse@cyberpromo.com"

yeah... right...

  -Taner