[51869] in North American Network Operators' Group
RE: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Al Rowland)
Mon Sep 9 13:19:38 2002
From: "Al Rowland" <alan_r1@corp.earthlink.net>
To: <nanog@merit.edu>
Date: Mon, 9 Sep 2002 10:18:37 -0700
In-Reply-To: <20020909123351.L21998-100000@sequoia.muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
Kinda breaks broadband streaming audio/video in a Java/other web applet
though...among other things.
Best regards,
_________________________
Alan Rowland
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Iljitsch van Beijnum
Sent: Monday, September 09, 2002 3:50 AM
To: Hank Nussbacher
Cc: nanog@merit.edu
Subject: Re: How do you stop outgoing spam?
On Mon, 9 Sep 2002, Hank Nussbacher wrote:
> The spamming is usually done (but not only) from an Internet cafe
> where the spammer inserts a "spammer CD" and blasts away at open mail
> relays. When SMTP is blocked for that IP, they switch to HTTP and
> send the spam via MSN, Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail,
> etc. to name just a few. Blocking port 80 is harder since it requires
> maintaining an ever larger list of free public web based mail systems
> or just block port 80 entirely.
You could traffic shape or rate limit the traffic towards port 80 to a
few kbps for each IP address that might be used for spamming. If you
allow small bursts (10 - 50k) this should be just fine for regular web
access, since for that outgoing traffic is minimal: just the HTTP
requests and ACKs. However, it will slow down spamming to at most a
couple dozen spams per minute after the first few that fill up the
configured burst size. I imagine this will make the spammers move on to
greener pastures.
