while i'm on the subject of filtering, here's today's list of spammers

Filtering by domain names doesn't work. Filtering by email source address
doesn't work. Complaining, by itself, doesn't work. Asking to be removed
from the spammer's spam list VERY DEFINITELY doesn't work.

Filtering by connection to the SMTP port, based on source address, very
definitely DOES work.

Removing people from the cooperative portion of the Internet works fine.

Overbroad and unnecessary.

If those of us who "fight spam" laid back and did nothing, you and every
other online Internet user would be getting ten spams an hour by this time.
It took a legal judgement against Sanford Wallace to get him to stop spamming
all of AOL and Compuserve. Jeff Slaton finds it hard to get a new internet
connection every time he soils a new nest.

And again, unnecessary and overbroad. Filtering at the SMTP receiver port
is perfectly fine, it works, and it doesn't prevent other traffic.

The BGP peerage pressures are trending the Internet toward settlements, which
is not a cooperative economic system. In such a system it will be hard as
nails to get a new ISP started since the people you want to peer with won't
want you as anything but a customer. However, the one side benefit will be
that spamming will cost as much, or more, than postal system advertising.
I would like to solve the problem with social pressure, but sooner or later
it will be solved by making a new noncooperative economic underpinning.

CIDR and provider-based network numbering has already done that Paul, unless
you like being tied to your upstream provider in perpetuity.

Or, in the other case, you only like selling dynamic dial-up with no
permanent addresses mapped to DNS names *anywhere* on your network or those
of your customers. Those ISPs *ARE* a dying breed, if they're not already

Wholesale filtering sets an ugly precedent. If someone was sending SYN
packets with random port numbers it would be one thing (and the only
effective thing that could be done) but in this particular case it is
neither necessary NOR, in my opinion, appropriate for a network which
operates a *PUBLIC* resource.

You speak of cooperative models on one hand, yet don't support those on
the other (e.g. eDNS). The truth is evident when you start erecting
full-blown packet filters, which are unnecessary, as a response to a
personal affront.

It took me 30 seconds to add Earthlink's POPs to my SPAM-blocker SMTP port
reject list this morning. That has a near-zero impact on legitimate email
delivery, but it stops cold any attempt to relay spam through our

That's a point-source response to the problem Paul. Try it on sometime.

I am confused, how would filtering at the smtp port on source address
work? If delivery fails, does not the sender often use MX records and
send via an intermediary host? If so the source address is lost unless
all the MX hosts have the same filter list. And in any case I believe
that typically sendmail will accept email from anyone for delivery to
anyone. So a spammer could scatter his emails all over the Internet thru
thousands of intermediate hosts, if he used the right software to do it.

Best Regards,
Robert Laughlin