[Dshield] Where should you start - I'll wrap it myself

Doug White doug at clickdoug.com
Wed Mar 24 14:19:16 GMT 2004

: Its all very well to say "report all the spam you get", but I get a few
: thousand spam messages a day to various accounts. (The joys of being
: active on tech mailing lists before spam was an issue). I barely have
: time to sort out automatic filtering so that real emails get seen, let
: alone report them all. Also, responding to all the emails would involve
: sending another couple of thousand emails to further clog up my network.

If you are an Outlook/Outlook Express user, there is software available (free)
which will auto-report spam for you to spamcop. You just set it to monitor the
folder in which your message rules tag as spam and deposit the incoming mail.
Reporting helps maintain the block lists, and multiple reports end the
usefulness of a compromised machine in very short order.

: It is not a problem which the end user should be resolving; ISPs can see
: quite clearly when a lot of traffic on SMTP ports starts emanating from
: a particular machine. It should not be a serious technical challenge to
: put in some automated monitoring for this sort of traffic increase and
: automatically block the traffic from the infected / compromised machine.

If you are a large ISP (example Comcast) with 5 to 10 people staffing your abuse
department, and several million customers and billions of email messages
transiting your system, it would be a very resource intensive task indeed to
monitor outbound traffic, and decide which are legitimate customers as opposed
to compromised machines, and still leave some type of privacy policy in place.
Out of necessity they must be reactive as opposed to proactive. Currently they
are endeavoring to disconnect or suspend service to customers who have been
reported to them (either direct, or via spamcop, etc.)  Other ISPs just will not
delegate the resources to combat spam, or in some cases are spam-friendly.

With 3 to 5 new viruses/worms being released into the wild on a daily basis now,
and users who still do not see the necessity of installing firewall/anti-virus
solutions, compromised machines are becoming a way of life.

Lastly, I cannot believe that "Big Brother" is the satisfactory solution in any

