[unisog] AOL rejects forwarding?

Dave Dittrich dittrich at u.washington.edu
Wed Nov 3 20:29:08 GMT 2004


Are you calculating in the Agobot/Phatbot compromised hosts on your
network?  These do direct spam delivery, and are used very often
specifically because they get around blacklists.  If someone has
control of 20,000 hosts, they only need to use a few dozen to deliver
millions of spam messages today, then abandon them and use the next
set of a few dozen tomorrow, etc.  The blacklists cannot keep up with
this, and your site as a whole can be an ongoing problem
and blocked for that reason.  This isn't just about MX hosts.

On Wed, 3 Nov 2004, Joseph Brennan wrote:

>
> > Are you guys using any DNSBLs?  It's quite possible that the reason they
> > are complaining about forwarded spam is that you're forwarding a lot of
> > spam!
>
>
> Speaking for us... we are using three DNSBLs, Spamassassin, a slew
> of Mimedefang rules, and a huge locally maintained deny list.  We
> reject about 40% of the mail from outside.
>
> But that is totally beside the point.  The only reason our hosts
> send message one to aol is that our=their users have requested
> forwarding to aol.  My goal currently is to get a clear position
> from aol on mail forwarding.
>
> Joseph Brennan
> Academic Technologies Group, Academic Information Systems (AcIS)
> Columbia University in the City of New York
>
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>

--
Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5



More information about the unisog mailing list