Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks. We've had to start blocking source port 25 to catch the replies from the recipient mail servers in order to prevent this kind of abuse.

Chris

On 2023-03-09 12:02, John Levine wrote:
Back in the olden days, a spammer would set up a server with a fast broadband connection and a dialup connection, and send out lots of spam over the broadband connection using the dialup's IP address. Since mail traffic is quite asymmetric, this got them most of the broadband speed, and when the dialup provider cancelled their service, they could just dial into someone else. Or maybe work through that giant pile of AOL CD-ROMs we all had. The broadband provider often wouldn't notice since it wasn't their IP and they didn't get the complaints.
Is this still a thing? Broadband providers fixed this by some combination of filtering port 25 traffic both ways, and BCP38 so you can only send packets with your own address. Do providers do both of these? More of one than the other? TIA.
R's, John
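
Added example, not part of either message above: a detection sketch for the asymmetric pattern discussed in this thread, run over flow records from a provider's edge. It flags customer addresses that receive packets from remote source port 25 when no matching outbound connection to port 25 was seen leaving the network. The record layout, the function name and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records, as an edge router might export them.
# Fields: direction at the provider edge, src ip, src port, dst ip, dst port.
SAMPLE_FLOWS = [
    ("out", "192.0.2.10", 40112, "198.51.100.25", 25),  # SMTP forward path seen
    ("in", "198.51.100.25", 25, "192.0.2.10", 40112),   # its reply: symmetric
    ("in", "203.0.113.7", 25, "192.0.2.44", 51833),     # reply, no forward path
    ("in", "203.0.113.9", 25, "192.0.2.44", 51840),     # same VPS, second server
    ("in", "203.0.113.7", 443, "192.0.2.44", 51900),    # not SMTP: ignored
    ("in", "203.0.113.7", 25, "198.18.0.5", 40000),     # not a customer: ignored
]


def find_asymmetric_smtp(flows, customer_prefix):
    """Return {customer_ip: [mail servers]} for SMTP replies that arrive
    without a matching outbound port-25 flow through this edge."""
    net = ipaddress.ip_network(customer_prefix)
    forward = set()              # (customer_ip, server_ip) pairs seen outbound
    replies = defaultdict(set)   # customer_ip -> servers replying from port 25
    for direction, src, sport, dst, dport in flows:
        if direction == "out" and dport == 25 and ipaddress.ip_address(src) in net:
            forward.add((src, dst))
        elif direction == "in" and sport == 25 and ipaddress.ip_address(dst) in net:
            replies[dst].add(src)
    suspects = {}
    for vps, servers in replies.items():
        unmatched = sorted(s for s in servers if (vps, s) not in forward)
        if unmatched:
            suspects[vps] = unmatched
    return suspects


if __name__ == "__main__":
    for vps, servers in find_asymmetric_smtp(SAMPLE_FLOWS, "192.0.2.0/24").items():
        print(f"{vps}: SMTP replies from {', '.join(servers)} with no outbound flow")
```

On a network that already drops outbound port 25, the forward set stays empty and every customer address receiving source-port-25 traffic is reported.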