North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Hank Nussbacher
  • Date: Thu Aug 10 15:50:45 2006

On Thu, 10 Aug 2006, Peter Corlett wrote:

On 10 Aug 2006, at 19:12, Hank Nussbacher wrote:
I'll answer on-list since this answer can benefit others. The primary reason that the ISP wants to block outbound webmail spam is because the 100s of BLs on the Internet end up blocking large segments of the IP space due to spam reporting by end users. The spammer can end up "burning" quite a few IPs before the feedback loop of user->spam report->BL->ISP->block is completed. Therefore the ISP wants to be proactive and shut off the spam before it even starts. Even if it means losing revenue.

This seems to imply that you're using dynamic addressing.

Not in the least. Every downstream customer is assigned a small range of static IPs. Some get 8 IPs. Over the course of a month, the spammer would walk into the cybercafe and "burn" a different IP each time until every PC in the small cybercafe would be non-functional. And we have gone through all the administrative ideas for combating this. No need to review that. Been there. Done that. Lots of times. If you have some technological solution - then please post so all can benefit. If you have nice ideas, or thoughts, please spare the N:I ratio and end this thread.

-Hank Nussbacher

The rather obvious solution would seem to be that you provide static addressing. It also makes it rather easier to identify the spammer when the complaints come in since you won't need to grovel through your RADIUS logs.