[8729] in North American Network Operators' Group
Re: Response from Cyber Promotions (fwd)
daemon@ATHENA.MIT.EDU (Taner Halicioglu)
Mon Apr 21 15:38:54 1997
Date: Mon, 21 Apr 1997 10:37:31 -0700 (PDT)
From: Taner Halicioglu <taner@isi.net>
To: Doug McIntyre <merlyn@Geeks.ORG>
cc: nanog@merit.edu
In-Reply-To: <199704211435.JAA24495@jacobs.Geeks.ORG>

On Mon, 21 Apr 1997, Doug McIntyre wrote:

> But most of the bulk spammer programs out there don't follow MX
> records. They blast directly into the sendmail port of the primary
> machine, and if they can't do that, they leave it at that and move
> on.. Blocking spam sites directly at the sendmail level (with
> tcp_wrappers), does effectively block out bad domains.

You sure about not following MX's? There is a machine, 'isi.net', but it
doesn't accept mail, and there's an MX pointing to our real mail machine,
yet we constantly get spam :-)

Otherwise everyone would've used this trick to avoid spam :)

Some of the sendmail rules listed at http://spam.abuse.net/spam/, like the
one that forces the MAIL FROM line to actually resolve, would probably
block a lot of spam, too. But I was wondering if this requires the
address to have an A record, or will an MX suffice; I know lots of people
that send as "user@domain.com" where domain.com is an MX only... I'm just
not familiar enough with sendmail rules to know how it works ;-)

If Cyberpromo were really trying to *cough* help, they would set all the
reply-to's in the spams to "abuse@cyberpromo.com" ;-)

yeah... right...

-Taner
--
D. Taner Halicioglu taner@isi.net
Programmer/Engineer/Sysadmin Internet Systems, Inc.
Voice: +1 408 543 0313 Fax: +1 408 541 9878
PGP Fingerprint: 65 0D 03 A8 26 21 6D B8 23 3A D6 67 23 6E C0 36
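
The MX-versus-A question raised in the message above, as an added example that is not part of the original post and is not the sendmail rule it refers to: a sender-domain check written so that an MX-only domain passes, with an A record used only as the fallback. The zone data, the `sample_lookup` resolver stand-in and all function names are assumptions constructed for the illustration; no real DNS queries are made.

```python
import re

# Constructed sample DNS data (not real lookups): name -> record type -> values.
SAMPLE_ZONE = {
    "mxonly.example": {"MX": [(10, "mail.hub.example")]},   # MX only, no A
    "hostonly.example": {"A": ["192.0.2.10"]},              # A only, no MX
    "mail.hub.example": {"A": ["192.0.2.25"]},
}

def sample_lookup(name, rtype):
    """Hypothetical resolver stand-in over SAMPLE_ZONE; returns a list of records."""
    return SAMPLE_ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])

# Reverse-path in angle brackets; anything after ">" (ESMTP parameters) is ignored.
_PATH = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)

def sender_domain(mail_from_line):
    """Return the sender domain, '' for the null sender "<>", None if malformed."""
    m = _PATH.match(mail_from_line.strip())
    if not m:
        return None
    path = m.group(1)
    if path == "":
        return ""  # bounce messages use the null sender and must stay deliverable
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def check_mail_from(mail_from_line, lookup=sample_lookup):
    """Return (verdict, reason) for one MAIL FROM command line."""
    domain = sender_domain(mail_from_line)
    if domain is None:
        return ("reject", "malformed reverse-path")
    if domain == "":
        return ("accept", "null sender")
    if lookup(domain, "MX"):
        return ("accept", "MX")           # an MX alone is enough to receive replies
    if lookup(domain, "A"):
        return ("accept", "A fallback")   # no MX: mail goes to the host itself
    return ("reject", "domain does not resolve")
```
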