North American Network Operators Group


Re: Spammer Bust

  • From: Phil Howard
  • Date: Fri Sep 05 18:10:12 1997

Russ Haynal wrote...

> At 04:35 PM 9/5/97 -0400, Jeremy Elson wrote:
> >I had two very similar incidents of PSI not knowing what was going on. 
> >I've gotten a lot of spam that originated from PSI dialup users but using
> >Earthlink as a mail relay; for example, this one:
> 
> Recognize that Earthlink is a "national" provider by virtue of the fact
> that its customers are allowed to connect through PSI and UUNET POPs (and
> other ISP's POPs?).  Just last week I established an Earthlink dial-up
> account for one of my relatives.  Many of the Earthlink POP phone numbers
> turned out to be phone numbers belonging to PSI, UUNET.  It was interesting
> that the PPP Dial-up logon user ID was of the form: "ELN/userid"   The
> "ELN/" in front of the userid stands for Earthlink Network, so that
> PSI/UUNET knows to which ISP to route the particular dial-up user.
> 
> I would suggest that your particular Spammer IS an Earthlink User, (who
> happens to dial-in through a PSI POP)  In this instance, I guess PSI would
> have to be considered "just an innocent carrier" like the local phone
> company that also helps the Spammer reach his ISP (Earthlink)

PSI is not exactly an innocent carrier here.  There are several reasons.

The reverse DNS identifies the port as PSI.  If the port IP address is
exclusive to a reseller, then it should be delegated to the reseller.
If the address is overloaded and could be different resellers at different
times, then PSI forces themselves to be in the loop to identify whose
customer was using it at the time.  They better be providing to the customer
(e.g. Earthlink) the list of which users connect when for tracking purposes.

PSI can choose who they do business with.  If PSI was reselling to Cyberpromo
then I'd have no qualms about blocking the entirety of PSI.  Earthlink may
well be elevated to near Cyberpromo if all of what I hear about continues.
In much the same way as any backbone is called on to drop a smaller ISP that
is regularly spamming, the presence facility provider can drop a presence
reseller if that reseller is causing them problems.  So as long as PSI is in
the loop (and they are for overloaded ports or incorrectly delegated reverse
DNS) then it's a problem for PSI and PSI is the one that needs to deal with
at least some aspect of it (many solutions depending on their business
preferences).


> [One alternative thought, (and it's a messy one)... Most ISPs can restrict
> their mail gateways to accept their customers only, but I wonder if
> Earthlink would be able to configure its mail server to prohibit customers
> of PSI's and UUNET's Dial-up services from using Earthlink's mail server.]

If the addresses are overloaded, then they can't.  If so, PSI (and UUNET)
would be introducing more problems.  PSI is still in the loop.  PSI still
needs to take some action somewhere.  It's up to them.

-- 
Phil Howard KA9WGN   +-------------------------------------------------------+
Linux Consultant     |  Linux installation, configuration, administration,   |
Milepost Services    |  monitoring, maintenance, and diagnostic services.    |
phil at milepost.com +-------------------------------------------------------+
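
The tracking step discussed in this message, as an added example that is not part of the original post: given the source IP and time from a spam message's Received header, find which reseller's user held that overloaded port address. The "ELN/" logon prefix comes from the quoted message; the session-log layout, the "OTH/" prefix, the user names and the addresses are constructed for illustration, and all times are assumed to be in one time zone.

```python
from datetime import datetime
from typing import NamedTuple, Optional

class Session(NamedTuple):
    login: str                 # as typed at PPP logon, e.g. "ELN/userid"
    ip: str                    # address handed out from the shared pool
    start: datetime
    stop: Optional[datetime]   # None means the user is still connected

def ts(text):
    """Parse a log timestamp (assumed already normalised to one time zone)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def split_realm(login):
    """Split 'ELN/userid' into (reseller prefix, userid).
    A login with no prefix is treated as the carrier's own customer."""
    realm, sep, user = login.partition("/")
    return (realm, user) if sep else ("", login)

def attribute(ip, when, sessions):
    """Return (reseller prefix, userid) for the session holding `ip` at `when`.
    Returns None when no session, or more than one, covers that instant,
    so a gap or a logging overlap is never silently attributed to someone."""
    hits = [s for s in sessions
            if s.ip == ip and s.start <= when
            and (s.stop is None or when < s.stop)]
    if len(hits) != 1:
        return None
    return split_realm(hits[0].login)

# Constructed sample log: one pool address reused by two resellers' users.
SESSIONS = [
    Session("ELN/alice", "192.0.2.17", ts("1997-09-05 14:00:00"), ts("1997-09-05 15:10:00")),
    Session("OTH/bob",   "192.0.2.17", ts("1997-09-05 15:12:00"), ts("1997-09-05 16:40:00")),
    Session("carol",     "192.0.2.18", ts("1997-09-05 15:00:00"), None),
]

if __name__ == "__main__":
    for when in ("1997-09-05 14:30:00", "1997-09-05 15:11:00", "1997-09-05 15:30:00"):
        print(when, attribute("192.0.2.17", ts(when), SESSIONS))
```

The same address resolves to a different reseller depending on the timestamp, which is why an abuse report against an overloaded port needs the exact time and why only the party holding the session log can answer it.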