[166751] in North American Network Operators' Group
Re: Do you obfuscate email headers when reporting spam issues to
daemon@ATHENA.MIT.EDU (Doug Clements)
Wed Nov 6 17:09:44 2013
In-Reply-To: <CAP-guGWwf=hVUWatmn14v-7Ssor29WQ8tJpoyJJZ+S5Gcf3j+w@mail.gmail.com>
Date: Wed, 6 Nov 2013 17:09:19 -0500
From: Doug Clements <dclements@gmail.com>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Nov 6, 2013 at 4:45 PM, William Herrin <bill@herrin.us> wrote:
> Incidentally, I'd suggest that an ounce of prevention is worth a pound
> of cure. Simply block outbound tcp port 25 for new hosting customers
> on a "tell me if you want it open" basis.
>
>
Or to thwart those clever spammers, block inbound SYN/ACK packets with a
source port of 25. This catches the ones who send SYNs out other providers
with your network's source addresses which bypasses most simple ACLs.
--Doug
