[51852] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Mon Sep 9 06:50:23 2002
Date: Mon, 9 Sep 2002 12:49:52 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Hank Nussbacher <hank@att.net.il>
Cc: <nanog@merit.edu>
In-Reply-To: <5.1.0.14.2.20020909120631.0103a3d8@max.att.net.il>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 9 Sep 2002, Hank Nussbacher wrote:
> The spamming is usually done (but not only) from an Internet cafe where the
> spammer inserts a "spammer CD" and blasts away at open mail relays. When
> SMTP is blocked for that IP, they switch to HTTP and send the spam via MSN,
> Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail, etc. to name just a
> few. Blocking port 80 is harder since it requires maintaining an ever
> larger list of free public web based mail systems or just block port 80
> entirely.
You could traffic shape or rate limit the traffic towards port 80 to a few
kbps for each IP address that might be used for spamming. If you allow
small bursts (10 - 50k) this should be just fine for regular web access,
since for that outgoing traffic is minimal: just the HTTP requests and
ACKs. However, it will slow down spamming to at most a couple dozen spams
per minute after the first few that fill up the configured burst size. I
imagine this will make the spammers move on to greener pastures.
