North American Network Operators Group


Re: Despamming wholesale dialup

  • From: Bryan Bradsby
  • Date: Thu Oct 29 23:04:43 1998

First Harold outlined this plan for AGIS modems rented to ISPs: 

    To address this I have proposed installing filters that will only
    allow these folks to connect to port 25 of the ISP that has
    bought the ports. This way they are not able to relay off of anyone
    else's machine

Then Roeland recommended: 

    What I really suggest, and this takes some work on your part, is to
    contact the site's admin and inform them of their open-relay status.

We do this now. When a site is blocked by our subscription to ORBS, I send
them a nice friendly note, admin to admin. How many? A couple hundred a
month. Some fix it promptly. Some send me a nice thank you note. Most
don't (do either one). 

And more: 

    If they won't close the relay, block them. Alternatively, you can
    assume that if they haven't gotten their relays closed by now they are
    too clue-less to do so and block them immediately, with notification. 

Sometimes we get complaints from the ORBS blocked ISP's customer (via my
customers).  Got two recently from customers of some Dallas and Houston
based ISPs.  We notified these ISPs 1 and 2 months ago respectively.  Clue
deficient, or priorities skewed?  If they would just call me and tell me
when they will fix it, we could make arrangements.  

Then Scott reiterated:

    The problem is when the spam-bastard isn't relaying.  We've been
    getting thousands of messages every week from spammers who buy
    dialup from various places, then connect directly to the
    destination mail server to deliver the mail.  That's what this
    prevents.  I don't know of any other method that does.

If all the ISPs won't do what Harold has proposed, then we have no choice
in our own self defense, but to block port 25 from all the modems by IP
(and open up corresponding holes for responsible SMTP servers in the same
netblock). 

But my question is - Would responsible netops be willing to give me a list
of their (non-relaying) SMTP servers?  

Anything toward fixing the problem is appreciated. 

-bryan
[email protected]  T:512.936.2248  F:512.463.3456
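
The receiving-side filter described in the message above (refuse port 25 from dialup modem pools, with holes for known SMTP servers in the same netblock), as an added example that is not part of the original message. The netblocks and server addresses are constructed from documentation ranges, and the class and function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the thread.
DIALUP_POOLS = ["192.0.2.0/24", "198.51.100.0/25"]
SMTP_EXCEPTIONS = ["192.0.2.10", "198.51.100.25"]


class Port25Policy:
    """Decide whether an inbound SMTP connection should be accepted."""

    def __init__(self, dialup_pools, smtp_exceptions):
        self.pools = [ipaddress.ip_network(p) for p in dialup_pools]
        self.exceptions = {ipaddress.ip_address(a) for a in smtp_exceptions}
        # A hole that sits outside every blocked pool does nothing:
        # usually a typo or a stale entry, so surface it for review.
        self.orphans = sorted(
            str(a) for a in self.exceptions
            if not any(a in p for p in self.pools)
        )

    def decide(self, source):
        """Return (action, reason) for a connection to port 25 from `source`."""
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            return ("reject", "unparseable source address")
        # Holes are checked before pools, as in a first-match ACL.
        if addr in self.exceptions:
            return ("accept", "listed SMTP server")
        for pool in self.pools:
            if addr in pool:
                return ("reject", f"dialup pool {pool}")
        return ("accept", "not in a listed dialup pool")


def summarize(policy, sources):
    """Count decisions per action over a list of connecting addresses."""
    counts = {"accept": 0, "reject": 0}
    for s in sources:
        counts[policy.decide(s)[0]] += 1
    return counts
```

The same ordering applies when the policy is written as a router or firewall ACL: the permit entries for the listed SMTP servers must precede the deny for the pool that contains them.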