From owner-freebsd-hackers Mon Mar 23 11:24:27 1998
From: Terry Lambert
Message-Id: <199803231923.MAA06617@usr06.primenet.com>
Subject: Re: freebsd-hackers-digest V4 #75
To: ejs@bfd.com (Eric J. Schwertfeger)
Date: Mon, 23 Mar 1998 19:23:25 +0000 (GMT)
Cc: tlambert@primenet.com, fhackers@jraynard.demon.co.uk, toniel@flash.net, hackers@FreeBSD.ORG
In-Reply-To: from "Eric J. Schwertfeger" at Mar 23, 98 00:32:45 am

> > Oh wait, that's not why destination filtering is a *good* idea, that's
> > why it's a *stupid* idea...
>
> Stupid for your situation, Terry, not for mine. Blocking all hotmail is
> not fine for us, because some of our customers are using hotmail.

Not that Hotmail is relevant, but...

Just FYI, Hotmail is a harvester. If you send mail to a Hotmail user from a non-Hotmail user, or if a Hotmail user sends you mail, your address gets "harvested" and put onto a for-sale "SPAM me" list.

Juno does the same thing, as do three of the four "unsubscribe me" ``services'' referenced from the Ziff-Davis page.

I intentionally bought (and burned) a domain testing this out. From different accounts, I sent mail to or sent mail from the various "free" mail accounts, or "unsubscribed" using one of the "services" for unsubscribing. I also sent "unsubscribe" messages from other accounts to the various "send an 'unsubscribe' to this account to get off our list" addresses from various SPAM.

Each account was separate, and no address had appeared anywhere at any time, except through those venues.

Out of 70 accounts, all but 6 received SPAM.

So you would do well to block mail both *from* and *to* such addresses.

> So we're to punish everyone that uses an email address whose domain
> has ever been forged?

All forgeries are detectable. All of them. Period. The "Received:" timestamp/"From:" line ordering give them away.

The only place where this isn't so is a SPAM'mer-friendly ISP, which does not verify IP addresses in the timestamp. And yes, such ISP's should be blocked until they can play by the RFC822/RFC821 header rules.

> We don't have metered usage, and aren't near capacity either, so
> it's not a serious cost.

Well, feel free to burn CPU cycles, disk, and bandwidth dealing with the problem on your end of things.

> For the record, I still go through every spam we receive and contact
> the ISP of the injection point if it's apparent,

I do the same. It's always apparent, because I go through the same "probe" process as the SPAM'mer, with a purpose-built SMTP/DNS client.

> and notify anyone that looks like they got used as an unwitting relay,

I go further. I offer to help the site disable relaying. I have disabled 28 relays, so far. If I get more relayed SPAM, I will disable those as well.

The biggest current offenders are Netcom, MCI, and UU.NET, which apparently resell accounts to the same people, even after AUP violations.

These people aren't interested in anti-relay, for the most part, and generally SPAM's through them are via "burnable" accounts. In this case, I make it a point to ensure that the accounts get burned.

Not surprisingly, the major SPAM "Providers", when notified of what I do, tend to remove me from their distributed lists. It is simply not cost effective to burn a relay in order to send me, personally, a SPAM for a product which I will never buy. It's simple business sense to *not* SPAM me.

> and my time is probably a much more significant cost than the
> bandwidth of 3% of our email, which even that is a drop in the
> bucket compared to how much surfing gets done during lunch
> around here.

I recommend RBL. If you automate the task, it will take much less than 3% of your time.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
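
The "Received:"/"From:" comparison mentioned in the message above, as an added example that is not part of the original post: it walks a message's trace headers and reports hops where the HELO name disagrees with the name the receiving MTA recorded for the peer, and where the From: domain disagrees with the injection hop. The Sendmail-style `from HELO (resolved [ip])` layout, the two-label `base_domain` heuristic, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message using reserved example names and addresses.
# MTAs prepend trace lines, so the last Received header is the injection hop.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id AAA001; Mon, 23 Mar 1998 12:00:05 -0700
Received: from bigfreemail.example (dialup-7.example.com [198.51.100.7])
\tby mx.example.net with SMTP id BBB002; Mon, 23 Mar 1998 12:00:01 -0700
From: someone@bigfreemail.example
Subject: constructed test message

body
"""

# "from <HELO name> (<name the receiver resolved> [<peer IP>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")


def base_domain(host):
    """Last two labels only; an assumption that ignores multi-label suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def audit(raw):
    """Return a list of human-readable inconsistencies found in the headers."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groups())
    findings = []
    for helo, resolved, ip in hops:
        if base_domain(helo) != base_domain(resolved):
            findings.append(f"HELO {helo} but peer {ip} resolved to {resolved}")
    sender = parseaddr(msg.get("From", ""))[1]
    from_domain = base_domain(sender.rsplit("@", 1)[-1])
    if hops and base_domain(hops[-1][1]) != from_domain:
        findings.append(f"From: domain {from_domain} but injected via {hops[-1][1]}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A mismatch is a reason to look closer, not proof of forgery: mail legitimately sent through a third-party relay can also trip the From: check.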