North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: short Botnet list and Cashing in on DoS

  • From: Stephen J. Wilcox
  • Date: Sat Oct 09 15:05:46 2004

On Sat, 9 Oct 2004, Gadi Evron wrote:

> Blocking port 25 for dynamic ranges means they can't send email, so that 
> drone are pretty useless for spammers on that account. Trojan horses 
> would have to use local information for the user's own account (from 
> Outlook or such).

my users like being able to send email. i dont think this can work! (and there 
are many legit reasons for not using our own smtp servers.. indeed we have custs 
on other ISPs network who use our smtp server)

> ISP's could then, I suppose, limit every user to 5 emails a minute (or 
> any other number).

5 emails or 5 recipients? i can send one email with hundreds/thousands of 
rcpts.. and again, there are lots of legit reasons for sending a batch of emails

> That combined with domain-keys and sender-ID could make for a much 
> prettier Internet, don't you think?

you mean SPF? i agree, use as many tools as are available in conjunction with 
something like spamassassin to score mails as likely spam

> Abuse using port 25 is a major issue today, why not solve it? If a user 
> wants it open, they could always ask for it or even pay more money. 
> Perhaps move to a static IP?

there are many ways of sending spam that dont use port 25.. 

individual rules are costly to implement and users wont use a service where you 
have to pay more for basic services