[Dshield] Need some help testing

jayjwa jayjwa at atr2.ath.cx
Wed Jul 4 08:27:51 GMT 2007


On Mon, 2 Jul 2007, Mar Matthias Darin wrote:

-> I have written an antispam tool (linux based) called DynaStop, originally 
-> for Exim, but will work with any MTA that can call an external process 
-> and act on return codes.

From its website:

----------
This can be a pivotal factor in e-mail filtering and server load management as
dynamic IP addresses are typically used for dial-up, dhcp, and DSL accounts.
All of which have a designated mail exchange server that all outbound mail
flows as defined with many if not most large Internet Service Providers (ISP)
such as Road Runner, ATT, Qwest, PacBell, BellSouth, EarthLink, AOL, and many
more around the world if their terms of service or acceptable use policy.
----------


Yet more "let's off-load the spam problem on the people least likely to be 
able to fight for themselves, cuz who cares if their mail is blocked?" 
solutions? When will people read their logs and see that most real, verified 
spam is coming from the so-called "official" ISP's mail servers and large email 
providers?

Let's think like the enemy for a second. If I'm a spammer, and I want to hit 
home with my crap (millions of email, phishes, etc), where am I going to send 
it from? A source already heavily blocked, a system that's not even a bona fide 
mail server, a computer that's likely putting out 6Kbps (max) where I'll have 
to wait hours for even a few megabytes of stuff to go, a system already 
locked-down in DNS-RBL, or will I use systems with 1) high through-put, 2) not 
listed in RBL, 3) popular mail carriers almost everyone is likely to take mail 
from? I'm sitting on the same Internet as everyone else, and I report spam 
from Hotmail, Yahoo, those so-called "proper" ISP MTA's and other major email 
providers as I dare 97% of all spam.

The spam that IS coming from dynamic hosts is being routed through those 
servers anyway! Check that 'received' block before the 'proper' mail server: 
Ah! there's the dial-up, dhcp, DSL account. Hidden nicely. It's like a wolf 
putting on sheep's skin for a second: "Here, look, I'm a sheep, take my mail!" 
Spam block avoided.

Email is all but ruined as a means of communication. And it's not because of 
spam itself, because spam arrives *with* email. It's because of email being so 
choked off by well-meaning but misguided anti-spam measures that *stop* 
email. I've tried to contact a number of people on this list about different 
things, and the usual response is a bounce from a block-all RBL or a bounce from 
a draconian filter. That's why people with valid email accounts have those 
'contact.php or contact.html' forms: they're unreachable by email...a victim 
of their own device.

When did controlling one's own email become a luxury of the privileged few? 
How much to get my own "officially approved" server sitting on its own domain 
with back and forth DNS on a static line? Does anyone have an ISP for sale, so 
I too can send email on my own (hope they take credit)? No RFC says mail 
servers are only for the ones with deep pockets.

This was not the way the Internet was set up. It's equal to censorship, and 
that's never good. It works like this: let's cut up the Internet into major 
corporations and companies (Road Runner, ATT, Qwest, PacBell, BellSouth, 
EarthLink, AOL etc.). Next, we make not signing on with these guys and going 
it on your own too expensive for the common joe-average. We enforce that by 
setting up filters and block lists on traffic from anyone but those places. 
Finally, force all the sign-ons to sign AUPs that say trying to step around 
those is forbidden: no in-bound traffic; no servers; no mail servers. Maybe 
block port 25 for good measure. Now those 7 or so (how many ever) have an 
effective stranglehold on all Internet traffic, with the people running these 
lists and making these filters helping them control their fellow peers.

Is this the Internet everyone wants? It'll be like TV! What to watch tonight? 
Fox, NBC, ABC, AOL, Yahoo? Park yourself in front of your computer- no 
keyboard required because you ain't sending anything...oh no. You've been 
blocked. Filtered. Censored out.

No thanks.

-- 
[RBL:Just A Bad Idea]
  http://www.ifn.net/classic/rblstory.htm
  http://theory.whirlycott.com/~phil/antispam/rbl-bad/rbl-bad.html
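
The 'received' block check described in the message above, as an added example that is not part of the original post or of DynaStop: it walks the Received chain of a constructed message and reports dynamic-looking hosts sitting behind the ISP relay, which a connection-time dynamic-IP check never evaluates. The header layout, the naming heuristic, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the original post): reserved example
# domains and documentation IP ranges only.
SAMPLE = """\
Received: from smtp-out.isp.example (smtp-out.isp.example [192.0.2.25])
\tby mx.recipient.example with ESMTP id A1; Wed, 4 Jul 2007 08:20:03 +0000
Received: from home-pc (dsl-203-0-113-77.dyn.isp.example [203.0.113.77])
\tby smtp-out.isp.example with ESMTP id B2; Wed, 4 Jul 2007 08:20:01 +0000
From: sender@isp.example
To: rcpt@recipient.example
Subject: constructed test message

body
"""

# Assumed layout: "from HELO (rDNS [IP])". Other MTAs format this differently.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
# Assumed naming heuristic for dynamic pools; illustrative, not exhaustive.
DYNAMIC = re.compile(
    r"(?:^|[.-])(?:dynamic|dyn|dhcp|adsl|dsl|dialup|dial|ppp|pool|cable)"
    r"(?=[.-]|\d|$)", re.I)

def looks_dynamic(rdns):
    return bool(rdns and DYNAMIC.search(rdns))

def hops(raw):
    """Received hops, newest first (index 0 = peer our own MTA saw)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            out.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    return out

def hidden_dynamic_origins(raw):
    """Dynamic-looking hops that a connection-time check never sees.

    Only hop 0 was recorded by our own server; deeper hops are claims made
    by upstream relays and can be forged, so treat them as hints.
    """
    return [h for h in hops(raw)[1:] if looks_dynamic(h["rdns"])]

if __name__ == "__main__":
    chain = hops(SAMPLE)
    print("connecting peer:", chain[0]["ip"], "dynamic:", looks_dynamic(chain[0]["rdns"]))
    for h in hidden_dynamic_origins(SAMPLE):
        print("behind relay:", h["rdns"], h["ip"])
```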

