[Dshield] Need some help testing
jayjwa
jayjwa at atr2.ath.cx
Wed Jul 11 12:10:42 GMT 2007
On Mon, 9 Jul 2007, Abuse wrote:
-> > Are you saying that blocking SMTP traffic from "Dynamic" IP addresses is
-> > a best practice? If so, based on direct personal experience, I disagree
-> > vehemently.
->
-> Since most spam comes from "Dynamic" IP addresses I think it is "best practice".
I don't see this at all. If I did, I wouldn't be complaining about measures
that put the blame on dynamic IPs, because it would be well-placed. The vast
majority of the spam that hits my inbox is from major email providers, namely
Hotmail and Yahoo (yet they never appear on any RBL, truly shocking). They
are far from being filtered here because both have gotten very good at
handling spam complaints. In this day and age, I think any large email outfit
is going to be sending some spam, as long as they let people they don't know
personally sign up for an email account. For that reason, I don't like to ban
by IP/hostname; the few blocks I still have in place are networks that will
not do anything about trouble reports, bounce abuse reports, or don't have any
sort of reachable admin (no postmaster@, no abuse@, no root@, etc.).
Spam that does come from dynamic IPs is almost always from Windows IRC
bot-infected hosts, and IRC bots can infect any Windows host, whether it's on
dial-up or a corporate designated outbound mail server.
-> Static or dynamic if it is from a non-business IP it should be considered
-> dynamic. It stops a lot of spam.
Because business IPs never spam and non-business or personal do? Hmmmm....
I've seen business hosts get infected or zombied or misconfigured too, and
because there is no ISP over their head like an ISP would be (should be)
looking over their customers, that host stays there, spamming away, until
someone complains to its upstream. There's lots of businesses with a Windows
98 box sitting in a corner, untouched by patches (what's Windowsupdate?).
Matter of fact, more than a few come to mind. The point: any system is
'able' to send junk, that ability is not granted based on what type of
connection it sits on, so why filter by it? Perhaps we should call them
"connection filters" instead of "spam filters", as they are basing the decision of
spam or not-spam not on what is being sent, but how it's being sent.
--
[RBL:Just A Bad Idea] Do not use DNS-RBL; Demand your ISP stop.
Tell RoadRunner/Adelphia, Netzero,etc: don't trash your mail.
http://www.ifn.net/classic/rblstory.htm
http://theory.whirlycott.com/~phil/antispam/rbl-bad/rbl-bad.html