[7690] in North American Network Operators' Group
Re: while i'm on the subject of filtering, here's today's list of spammers
daemon@ATHENA.MIT.EDU (Karl Denninger)
Wed Feb 19 23:28:45 1997
From: Karl Denninger <karl@Mcs.Net>
To: robert@portal.dx.net (Robert Laughlin)
Date: Wed, 19 Feb 1997 22:26:04 -0600 (CST)
Cc: karl@Mcs.Net, paul@vix.com, nanog@merit.edu
In-Reply-To: <Pine.3.89.9702192310.E8865-0100000@portal> from "Robert Laughlin" at Feb 19, 97 11:27:01 pm
>
> I am confused, how would filtering at the smtp port on source address
> work?
What you do is return a 421 error if you don't "like" the source address
(this is checked very early on). You can also return a 500-series error,
but that generates an immediate bounce, which is "nice" to the spammer.
I prefer to be nasty and eat their resources instead.
> If delivery fails, does not the sender often use MX records and
> send via an intermediary host?
Not if you return a 400-series error. The host doing the sending will
retry. If you block at the packet level, then yes, the sender will go
to a secondary MX *IF* there is one and it can be reached.
The 421 response is the best possible one, because it screws the sender,
is cheap compute-wise for you, and has the desired effect without causing
other disruption.
> If so the source address is lost unless
> all the MX hosts have the same filter list. And in any case I believe
> that typically sendmail will accept email from anyone for delivery to
> anyone. So a spammer could scatter his emails all over the Internet thru
> thousands of intermediate hosts, if he used the right software to do it.
>
> Best Regards,
> Robert Laughlin
He has to be able to inject it in the first place.
As more potential relays implement this, that becomes much harder.
--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service
| 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
