North American Network Operators Group


Re: anybody else been spammed by "no-ip.com" yet?

  • From: Terence Giufre-Sweetser
  • Date: Thu May 09 21:30:54 2002

> > We're trying to discourage bulk emailers, not individuals.
> 
> Then the way to do this is to make the cost of sending mass mail more
> expensive than sending only a few here and there.  In short, we need a
> way to prevent the use of the $19.95 throw-away account that is used
> to send the vast majority of spam.  Let's face it, only the biggest of
> the hardcore spammers are willing to pay out for dedicated lines. How
> about something along the lines of dial accounts having their outgoing
> SMTP connections rate limited to, oh, let's say 100 per day, and
> limiting the maximum number of recipients on any given email to some
> low number, say 5? A customer reaches the limit, the account
> auto-rejects all email for 24 hours. Someone bitches?  Let them buy
> full rate dedicated services, with the first month, last month, and a
> security deposit up front before service is established.

Now there's a good idea, and it works, I have several sites running a
"port 25" trap to stop smtp abuse.

To stop port 25 abuse at some schools, the firewall grabs all outgoing
port 25 connections from !"the mail server", and to !"the mail server",
and runs them via "the mail server", which stops header forging, mass rcpt
to: abuse, and vrfy/expn probing. Anything that goes past the filters has
a nice clear and traceable received by: line.

If a few of the larger pre-paid ISPs could simply filter port 25 on their
accounts, add some sanity checking (like, a user must be using a valid
email address in the from:/return-path:/reply-to: lines, etc) and reject
other abuse like rcpt to: stacking.  Plus, add an anti-bulk email check,
like razor or checksum clearinghouse, (yeah, seriously, checksum the
outgoing emails, if some humans somewhere have said "this is spam", then
/dev/null or BOUNCE the outgoing email.)

I'd even be inclined to place these filters at the border to smaller
downstream ISPs, let them register their valid email domains, any user
from their network trying to send invalid email, or email that is listed
in razor, just kill it or auto-refer to the abuse desk.

[This may sound expensive, but on reflection, a US$2K box with BSD could
handle 20Mbps of port 25, remember only port 25, nothing else, you would
place one behind your dial up infrastructure, or several for a large site,
and your "transparent smtp proxy" would pay for itself by killing off a
lot of your [email protected] work.  There are many ways of redirecting the port 25
packets, have a look at all the good work done on port 80 transparent
proxies.]

// :), patent pending? No, the concept is hereby committed to the public
domain. //

---
Terence C. Giufre-Sweetser

+---------------------------------+--------------------------+
| TereDonn Telecommunications Ltd |  Phone +61-[0]7-32369366 |   
| 1/128 Bowen St, SPRING HILL     |    FAX +61-[0]7-32369930 |
| PO BOX 1054, SPRING HILL 4004   | Mobile +61-[0]414-663053 |
|          Queensland Australia   |  http://www.tdce.com.au  |
+---------------------------------+--------------------------+
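
The checks described in this message and in the quoted proposal, written as a policy object that a transparent SMTP proxy could consult per command and per message. This is an added example, not code from the original post; the class and method names, the reply strings and the sample domain are assumptions, and the razor/checksum lookup is left out.

```python
import time
from dataclasses import dataclass

MAX_RCPTS_PER_MESSAGE = 5      # "say 5" recipients per email (quoted proposal)
MAX_MESSAGES_PER_DAY = 100     # "let's say 100 per day" (quoted proposal)
DAY = 24 * 3600                # lockout: reject all mail for 24 hours
BLOCKED_VERBS = {"VRFY", "EXPN"}   # address probing the proxy refuses

@dataclass
class Account:
    window_start: float        # start of the current 24-hour counting window
    sent: int = 0              # messages accepted in this window
    locked_until: float = 0.0  # account rejects everything until this time

class OutboundPolicy:
    """Hypothetical policy hook for a port-25 intercepting proxy."""

    def __init__(self, registered_domains):
        # Domains the site (or a downstream ISP) registered as valid senders.
        self.domains = {d.lower() for d in registered_domains}
        self.accounts = {}

    def check_verb(self, verb):
        # Reply strings are illustrative, not taken from any real MTA.
        return "502 command disabled" if verb.upper() in BLOCKED_VERBS else "250 ok"

    def check_message(self, account_id, mail_from, rcpts, now=None):
        now = time.time() if now is None else now
        acct = self.accounts.setdefault(account_id, Account(window_start=now))
        if now < acct.locked_until:
            return "550 account locked out"
        if now - acct.window_start >= DAY:
            acct.window_start, acct.sent = now, 0   # new counting window
        # Sanity check: envelope sender must use a registered domain.
        local, at, domain = mail_from.rpartition("@")
        if not at or not local or domain.lower() not in self.domains:
            return "550 sender domain not registered"
        # RCPT TO stacking: cap recipients on a single message.
        if len(rcpts) > MAX_RCPTS_PER_MESSAGE:
            return "452 too many recipients"
        acct.sent += 1
        if acct.sent >= MAX_MESSAGES_PER_DAY:
            acct.locked_until = now + DAY           # limit reached: 24h lockout
        return "250 ok"
```
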