North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Anti-spam System Idea

  • From: Michael Wiacek
  • Date: Sat Feb 14 12:13:05 2004

It just doesn't work :( A few years ago I developed a sendmail
milter system that would perform an open relay test on all new
IP's that attempted to send mail to or through our server. If
the test failed (open relay), the mail was rejected before it
was even sent. If the test passed, the mail was allowed through.
Once this test was performed, the status of the IP address was
recorded for 90 days, after which it was deleted and the test
would be performed again the next time it attempted to access
our mail server. The tests themselves took under 20 seconds on
average. Within 2 weeks we had a list of over 250,000 open relays.

The total cut down in SPAM: somewhere around 10%

Sadly, fact turned out to be that zombies, trojaned machines,
and proxies are the reason. Not that much SPAM is open relay

Mike Wiacek

On Sat, 14 Feb 2004, Tim Thorpe wrote:

> I wanted to run this past you to see what you thought of it and get some
> feedback on pro's and cons of this type of system.
>  I have been thinking recently about the ever increasing amount of spam that
> is flooding the internet, clogging mail servers, and in general pissing us
> all off.
> I think it time to do something about it. very few systems are effective at
> blocking spam at the server level, and the ones that exist have a less then
> stellar reputation and are not very effective on top of that.
> 95% of spam comes through relays and its headers are forged tracking an
> E-mail back that you've received is becoming next to impossible, its also
> very time consuming and why waste your time on scumbags?
> my idea;
> a DC network that actively scans for active relays and tests them, it
> compiles a list on a daily basis of compromised IP addresses (or even
> addresses that are willingly allowing the relay) making this list freely
> available to ISPs via a secure and tracked site.
> to test a relay you actually have to send mail through it, I have a solution
> for this as well, the clients are set to e-mail a certain address that
> changes daily the E-mails are signed with a crypto key to verify
> authenticity (that way spammers can't abuse the address if it doesn't have
> the key, it get canned)
> work with ISP's to correct issues on their network help completely black
> list IP's from their network that are operating as an open relay and
> redirect to a page that alerts them of the compromise and solutions to fix
> the problem. the only way people are going to become aware of security
> issues such as this is if something happens that wakes them up, if they
> can't access a % of the web it would hopefully clue them in.
> because these scans only need to take place once per IP per day and over a
> large distribution of computers performing the tests, I don't see network
> load becoming a big issue, no bigger then it currently is.
> the only way to fight spammers is to squeeze them out of hiding, and that's
> what I hope this system would be designed to do.
> I do not have the coding knowledge to do this I will need coders, I do have
> the PR skills to work with ISPs. I am also working with my congresswoman to
> pave the way for legal clearance for this program.
> I would greatly appreciate your input on this and anything I may have
> overlooked. I would also like to know if this would be a DC program you
> would run.
> a lot of people argue the practical application of DC. although we know
> differently this project would show them what DC can do for them and wake
> them up to perhaps other DC projects.