NANOG folk:
Over the past few weeks, I have noticed an influx of SPAM(tm) transmitted by UUNet dynamic IP dial-up users (read: MSN, Earthlink, GTE, etc.) and relayed using Earthlink SMTP relays. Am I turning senile prematurely, or has anyone else noticed this influx?
Yeah, I've seen some of it.
Also, how easy would it be for Earthlink and other nationwide "ISPs" (or more accurately, UU/PSI resellers) to do the following? This would not stop SPAM(tm) dead in its tracks, but I figure it would make it easier to hold spammers accountable at least... unless, of course, they use throw-away accounts, in which case there is not much that can be done...
- institute anti-spam rules on their SMTP relays, i.e. only relay mail reporting to be from earthlink.net and the virtual domains they host
Um... I think "the virtual domains they host" may be the tricky bit. I don't know how UU/PSI do their mail serving, but if Earthlink has its d/u customers point to a UU/PSI relay for SMTP delivery, there's the matter of keeping everyone's records up to date. OTOH, if Earthlink (or whoever - Earthlink is just an example, here) points its customers towards something like mail.earthlink.net for SMTP relay, see below....
- only allow SMTP relaying from IPs assigned to *their customers* dynamically (cross-reference Radius logs?)
Good idea, although I think it may have some negative impacts on performance. Again, there's also the matter of keeping everyone's records in sync. mail.earthlink.net seems to have some basic relay filters in place, although I'm not sure what their complete ruleset is. Take a look at somebody like Xcom (hi, marty!) - www.xcom.net. I'm not affiliated with them in any way, but it looks like what they do may be useful. A Layer 2 approach means that you can assign only _your own_ IPs to dialin customers, which cuts out the aforementioned Radius cross-reference.
Constructive feedback would be greatly appreciated! Together, we CAN make a difference.
Regards, Adam
eric
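
The two relay rules proposed in this thread (relay only for client IPs in the provider's own customer pools, and only for envelope senders in domains the provider hosts), combined into one relay decision. This is an added example, not part of either poster's message; the address pools, the domains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy data (assumptions, not from the thread).
CUSTOMER_POOLS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]
HOSTED_DOMAINS = {"isp.example", "hosted-customer.example"}


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None if malformed."""
    addr = address.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None  # covers the null sender "<>" as well
    return domain.rstrip(".").lower()


def in_customer_pool(client_ip):
    """True only if the connecting IP falls inside a pool handed out to customers."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(ip in net for net in CUSTOMER_POOLS)


def relay_decision(client_ip, mail_from, rcpt_to):
    """Apply both proposed rules to one MAIL FROM / RCPT TO pair."""
    rcpt_domain = domain_of(rcpt_to)
    if rcpt_domain is None:
        return "reject: malformed recipient"
    # Mail addressed to a hosted domain is inbound delivery, not relaying.
    if rcpt_domain in HOSTED_DOMAINS:
        return "accept: local delivery"
    # Rule 2 from the thread: the connection must come from a customer IP.
    if not in_customer_pool(client_ip):
        return "reject: relay denied, client not in customer pool"
    # Rule 1 from the thread: the sender domain must be hosted here.
    # The envelope sender is supplied by the client, so this is an exact
    # match on a claimed value and only means something alongside the IP rule.
    if domain_of(mail_from) not in HOSTED_DOMAINS:
        return "reject: relay denied, sender domain not hosted here"
    return "accept: relay"
```

Keeping `HOSTED_DOMAINS` and `CUSTOMER_POOLS` current is the record-synchronisation cost raised in the replies above.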