Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Attack of the Killer Spam

  • From: Eric Osborne
  • Date: Tue Dec 30 20:41:42 1997

> 
> NANOG folk:
> 
> Over the past few weeks, I have noticed an influx of SPAM(tm) transmitted by
> UUNet dynamic IP dial-up users (read: MSN, Earthlink, GTE, etc.) and relayed
> using Earthlink SMTP relays.  Am I turning senile prematurely, or has anyone
> else noticed this influx?

Yeah, I've seen some of it.

> 
> Also, how easy would it be for Earthlink and other nationwide "ISP's" (or
> more accurately, UU/PSI resellers) to do the following?  This would not stop
> SPAM(tm) dead in its tracks, but I figure it would make it easier to hold
> spammers accountable at least... unless, of course, they use throw-away
> accounts, in which case there is not much that can be done...
> 
> - institute anti-spam rules on their SMTP relays, i.e. only relay mail
> reporting to be from earthlink.net and the virtual domains they host

Um..I think "the virtual domains they host" may be the tricky bit.  
I don't know how UU/PSI do their mail serving, but if Earthlink has its d/u
customers point to a UU/PSI relay for SMTP delivery, there's the matter of
keeping everyone's records up to date.

OTOH, if Earthlink (or whomever - Earthlink is just an example, here) points 
its customers towards something like mail.earthlink.net for SMTP relay, see
below....

> 
> - only allow SMTP relaying from IP's assigned to *their customers*
> dynamically (cross-reference Radius logs?)

Good idea, although I think it may have some negative impacts on performance.
Again, there's also the matter of keeping everyone's records in sync.
mail.earthlink.net seems to have some basic relay filters in place, although
I'm not sure what their complete ruleset is.

Take a look at somebody like Xcom (hi, marty!) - www.xcom.net.  I'm not 
affiliated with them in any way, but it looks like what they do may be useful.
A Layer 2 approach means that you can assign only _your own_ IPs to dialin
customers, which cuts out the aforementioned Radius cross-reference.

> Constructive feedback would be greatly appreciated!  Together, we CAN make a
> difference.
> 
> Regards,
> Adam
> 



eric




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.