[79328] in North American Network Operators' Group
Re: botted hosts
daemon@ATHENA.MIT.EDU (Dave Rand)
Mon Apr 4 04:49:54 2005
From: dlr@bungi.com (Dave Rand)
Date: Mon, 4 Apr 2005 01:48:47 -0700
In-Reply-To: Sean Donelan's message on Apr 4, 1:10.
To: Sean Donelan <sean@donelan.com>, Nanog <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
[In the message entitled "Re: botted hosts" on Apr 4, 1:10, Sean Donelan writes:]
>
> On Sun, 3 Apr 2005, Dave Rand wrote:
> > The Kelkea (what used to be MAPS) DUL, with more than 150 million entries in
> > it stopped about 41% of the spam last month. The QIL, a new product, stopped
> > about 55%, with the remainder being stopped by the RBL, OPS and RSS. A view
> > of this from a different perspective (an unrelated ISP) is available at
> > http://status.hiwaay.net/spam.html
> >
> > That means that if just the ISPs that we have identified as having
> > "dynamically assigned" addresses were to install port 25 blocking, more than
> > 1/3 of the spam would vanish.
>
> Why does anyone accept SMTP conenctions from known "dynamically assigned"
> addresses? DUL, QIL, etc should drop all those connections on the floor.
> If everyone was using DUL, QIL, etc, why do they still complain about
> getting spam from dynamically assigned addresses? If mail admins were to
> install DUL lists ....
>
> Does port 25 blocking actually make a difference? Any public data from
> before and after? Or does it just annoy people, cause problems and not
> fix anything?
>
I would not complain, mind you - having more customers is good for my
business.
But why do you think it is right to shift the burden on the recipient to
block access, when it could be done at the source. Yes, it means that
the people getting the cash from the customer would have to actually support
said customer by making it non-annoying for them.
Blocking port 25 has been a good idea for 8 years. Many ISPs have already
done it (some better than others), and it absolutely does fix things.
--
