[Dshield] spam-maker program

John Draper lists at webcrunchers.com
Wed Mar 10 23:45:30 GMT 2004

On Mar 7, 2004, at 9:10 PM, Jonathan C. Webster wrote:

> John Draper wrote:
>> It's always good to report as much spam as possible. If you have an Email
>> address that gets lots of spam, then use these spams as a tool to identify
>> the infected hosts, report them, and hopefully the ISPs can get them shut
>> down.
> Are you suggesting that one should forward the whole shovel full back to
> the abuse address for each "Originating IP"?

No - not at all. Only the header or enough information for the ISP to
identify the infected host which sent the spam.

In our reporting system, we default to sending just the header, with a tag
message at the bottom that gives the ISP an opportunity to select the full
spam message if they want it.

> Most of the spam "Originating IP"s that I get are in .cn or .kr. Won't they
> just black hole their abuse line?

The reports would go to the .kr or .cn's abuse Email. Whether or not they
act on it determines whether or not we CC our spam reports to THEIR upstream

