[70581] in North American Network Operators' Group


Re: Barracuda Networks Spam Firewall

daemon@ATHENA.MIT.EDU (James Couzens)
Wed May 19 20:07:01 2004

From: James Couzens <jcouzens@6o4.ca>
Reply-To: jcouzens@6o4.ca
To: "Eric A. Hall" <ehall@ehsco.com>
Cc: nanog@merit.edu
In-Reply-To: <40ABEC93.5070804@ehsco.com>
Date: Wed, 19 May 2004 17:06:19 -0700
Errors-To: owner-nanog-outgoing@merit.edu




On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
> extract hostname from url, dig on hostname, whois on addr, and nine times
> out of ten the host is in a CN netblock. that's from the spam that gets
> into my mailbox.

Yes I understand that is what you meant.  I just did this on 5 spam in
my mail box, I got:

Domain Name: AAFMALE.BIZ (www.aafmale.biz)
Registrant Country: Canada
Resolves to address: 218.232.109.220 (KRNIC-K) (Korea)

Domain Name: PLANENEWS.COM
Registrant Country: France
Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States)

Domain Name: MIRGOS.ORG
Registrant Country: Russia
Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea)

Domain Name: WINSPR.BIZ  (iityvzbtpvw.winspr.biz)
Registrant Country: New Zealand
Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China)

While it is only 5 mails, and certainly nothing to judge by, it does not
seem to be 90%.  Although Korea is under APNIC, it is not China.

> let me state AGAIN that what I really want is a plugin that allows for
> cidr match-lists so that I can also include the handful of non-enforcing
> hosters in Russia, New York, Florida, etc. One responder also suggested
> ASN matchlists but I'm not that mad.

What sort of plugin?  MTA? MUA?

Going back to my previous e-mail, all of this effort I think is being
placed in the wrong direction.  Focus should be placed on preventing
forgery, and educating users.  If we spent the money we are dropping on
hardware and software to stop spam (it's in the BILLIONS) on educating
users and pushing anti-forgery / sender authentication/verification
methods forward, we'd have an easier time of all this.

Cheers,

James

-- 
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
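
The check discussed in this message (hostname from the URL, resolved address, CIDR match-list), as an added example that is not part of the original post and not code from any MTA or MUA plugin. The function names, the sample body, and the prefixes and labels in SAMPLE_MATCHLIST are assumptions made up for illustration; the resolver is injectable so the sample runs offline.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def url_hosts(body):
    """Distinct lower-cased hostnames of the http(s) URLs in a message body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def system_resolver(host):
    """Addresses for a hostname from the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def match_cidrs(body, matchlist, resolve=system_resolver):
    """(host, address, label) for each URL host resolving inside a listed prefix."""
    nets = [(ipaddress.ip_network(cidr), label) for cidr, label in matchlist]
    hits = []
    for host in url_hosts(body):
        for addr in resolve(host):
            ip = ipaddress.ip_address(addr)
            for net, label in nets:
                if ip.version == net.version and ip in net:
                    hits.append((host, addr, label))
    return hits

# Constructed sample. Resolutions are the ones quoted in the message above;
# the prefixes and labels are made up for illustration, not registry data.
SAMPLE_DNS = {
    "www.aafmale.biz": ["218.232.109.220"],
    "planenews.com": ["216.92.194.65"],
    "iityvzbtpvw.winspr.biz": ["221.233.29.33"],
}
SAMPLE_MATCHLIST = [("218.232.0.0/16", "list-a"), ("221.233.0.0/16", "list-b")]
SAMPLE_BODY = (
    "Visit http://www.aafmale.biz/offer now, or http://PLANENEWS.COM/x?id=1\n"
    '<a href="http://iityvzbtpvw.winspr.biz/">click</a>'
)

def demo():
    return match_cidrs(SAMPLE_BODY, SAMPLE_MATCHLIST, lambda h: SAMPLE_DNS.get(h, []))
```

A host with several A records produces one hit per address that falls inside a listed prefix, so a scoring filter should count hosts rather than hits.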


