[30502] in North American Network Operators' Group


Re: surge in spam email (fwd)

daemon@ATHENA.MIT.EDU (Barry Shein)
Wed Aug 9 15:50:20 2000

From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14737.46366.326232.877448@world.std.com>
Date: Wed, 9 Aug 2000 15:46:37 -0400 (EDT)
To: woods@weird.com (Greg A. Woods)
Cc: nanog@merit.edu
In-Reply-To: <20000809162503.011618B@proven.weird.com>
Errors-To: owner-nanog-outgoing@merit.edu



On August 9, 2000 at 12:25 woods@weird.com (Greg A. Woods) wrote:
 > It's impossible to tell the difference between "legitimate" traffic and
 > unwanted traffic arriving from any mailer that's susceptible to theft of
 > service attacks, and if you want to block lots of spam then you have to
 > block all mail from such mailers.  This is also the quickest and most
 > effective way to really get the attention of the admins who control such
 > mailers too, and in doing so put some pressure on them to fix their
 > configurations!

On the other hand they've been at this relay-blocking stuff for years
and spam just goes up and up and the spam technology gets better and
better.

That's the problem, sounds good, no measurables. It all stands on a
sales pitch, basically.

From here it looks like spammers are mining relays in the orient and
other locales and able to come up with them by the hundreds and switch
in seconds automatically if one is blocked.

Attached is a list of 60 different open relays one spammer used on us
just yesterday (the number is the number of spams sent before we blocked
it.)

I say the emperors (ORBS et al) have no clothes, and they're mostly
not worth the effort and noise they cause in their campaign to
harangue the (mostly) honest by shaking doors to make sure they're
locked lest a crook get in. There are just way too many doors and
these efforts are kinda like King Knute ordering the tide not to come
in (enough metaphors yet?)

We need laws, there are thus far no viable technical solutions to
spam, and any claim otherwise is IMHO acting in the spammers'
interests (since a legislator would love to punt on the belief that we
just need to close a few more relays and the problem is solved.)

Anyhow: Where are the measurables?




-- 
        -Barry Shein

Software Tool & Die    | bzs@world.std.com          | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

