North American Network Operators Group


Re: Providers removing blocks on port 135?

  • From: Justin Shore
  • Date: Sat Sep 20 21:41:25 2003

On Sat, 20 Sep 2003, Margie wrote:

> Very little spam coming off dialups and other dynamically assigned,
> "residential" type connections has anything to do with open relays.
> The vast majority of it is related to open proxies (which the machine
> owners do not realize they are running) and machines that have been
> compromised by various viruses and exploits.  These are machines that
> should not be running outbound mailservers, and in most cases, the
> owners neither intend nor believe that their systems are sending
> mail.  Merely stating that people shouldn't run open relays
> didn't stop spam four years ago and it is less likely to do so now. 

This veers off the original topic.  Of course I don't think any of us
recall what that was anyways...  I remember back when I first started
using the DUL.  Of all the DNSBLs I used at the time it blocked the most
spam of any of them.  I mean that by a long shot.  About the time the DUL
and other MAPS lists went commercial is about the same time I noticed
fewer and fewer hits on the DUL.  We still pay for an AXFR (IXFR) of it
but it doesn't block nearly as much as it used to.

The open proxy lists block an unbelievable amount of spam.  In theory the
DUL would take care of this if it also listed residential dynamically
assigned cable/dsl lines (if it doesn't already, hmmm...).  Still the 
open proxy DNSBLs seem to be more effective now.  Bottom line, use every 
DNSBL you possibly can and don't be afraid to pay for them.  I strongly 
recommend redirecting SMTP traffic for this same class of user as well.

Now I'm going to get even more off-topic.  It occurs to me that major
changes to a protocol such as SMTP getting auth should justify utilizing a
different tcp/ip port.  Think about it like this.  If authenticated forms
of SMTP used a different TCP/IP port we netadms could justify leaving that
port open on these same dynamically assigned netblocks in the theory that
they are only able to connect to other authenticated SMTP services.  
Doesn't that seem logical?

Justin