[91726] in North American Network Operators' Group
Re: ISP wants to stop outgoing web based spam
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Thu Aug 10 15:50:48 2006
Date: Thu, 10 Aug 2006 22:50:23 +0300 (IDT)
From: Hank Nussbacher <hank@efes.iucc.ac.il>
To: Peter Corlett <abuse@cabal.org.uk>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <2DF9B76F-1F5F-4D4A-8DB6-C516561760B9@cabal.org.uk>
Errors-To: owner-nanog@merit.edu
On Thu, 10 Aug 2006, Peter Corlett wrote:
>
> On 10 Aug 2006, at 19:12, Hank Nussbacher wrote:
>> I'll answer on-list since this answer can benefit others. The primary
>> reason that the ISP wants to block outbound webmail spam is because the
>> 100s of BLs on the Internet end up blocking large segments of the IP space
>> due to spam reporting by end users. The spammer can end up "burning" quite
>> a few IPs before the feedback loop of user->spam report->BL->ISP->block is
>> completed. Therefore the ISP wants to be proactive and shut off the spam
>> before it even starts. Even if it means losing revenue.
>
> This seems to imply that you're using dynamic addressing.
Not in the least. Every downstream customer is assigned a small range of
static IPs. Some get 8 IPs. Over the course of a month, the spammer
would walk into the cybercafe and "burn" a different IP each time until
every PC in the small cybercafe would be non-functional. And we have gone
through all the administrative ideas for combating this. No need to
review that. Been there. Done that. Lots of times. If you have some
technological solution - then please post so all can benefit. If you have
nice ideas, or thoughts, please spare the N:I ratio and end this thread.
-Hank Nussbacher
http://www.interall.co.il
>
> The rather obvious solution would seem to be that you provide static
> addressing. It also makes it rather easier to identify the spammer when the
> complaints come in since you won't need to grovel through your RADIUS logs.
>
>
