North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Comment spammers chewing blogger bandwidth like crazy

  • From: Ian Mason
  • Date: Mon Jan 15 10:09:57 2007



On 15 Jan 2007, at 00:43, Sean Donelan wrote:


On Sun, 14 Jan 2007, Tony Finch wrote:
I would expect the lists of compromised hosts to be fairly effective -
open proxies of various kinds and perhaps botnet hosts. As for SMTP the
blacklists would only be a starting point that either provide a cheap
preliminary check or feed a more sophisticated filtering system.

If you allow anonymous, unauthenticated access to any system it will be abused. Auctions, blogs, chat, mail, phone, etc. IP addresses have never been good authenticators for applications.

This is not true if you control the IP address space and the routers around it.
I mention this merely because "IP addresses have never been good authenticators"
or the like is becoming a truism. For ISPs with good source filtering in place
then IP addresses ARE good first level authenticators (e.g. filter lists
on management ports). Note: I say FIRST level authenticators; IP addresses are
obviously not suitable as the whole authentication process.


Sending confirmation E-mail addresses aren't that much better. And blacklists will just continue to grow longer.

How do you know your user?