Kinda breaks broadband streaming audio/video in a Java/other web applet though...among other things. Best regards, _________________________ Alan Rowland -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Iljitsch van Beijnum Sent: Monday, September 09, 2002 3:50 AM To: Hank Nussbacher Cc: nanog@merit.edu Subject: Re: How do you stop outgoing spam? On Mon, 9 Sep 2002, Hank Nussbacher wrote:
The spamming is usually done (but not only) from an Internet cafe where the spammer inserts a "spammer CD" and blasts away at open mail relays. When SMTP is blocked for that IP, they switch to HTTP and send the spam via MSN, Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail, etc. to name just a few. Blocking port 80 is harder since it requires
maintaining an ever larger list of free public web based mail systems or just block port 80 entirely.
You could traffic shape or rate limit the traffic towards port 80 to a few kbps for each IP address that might be used for spamming. If you allow small bursts (10 - 50k) this should be just fine for regular web access, since for that outgoing traffic is minimal: just the HTTP requests and ACKs. However, it will slow down spamming to at most a couple dozen spams per minute after the first few that fill up the configured burst size. I imagine this will make the spammers move on to greener pastures.