On Wed, 13 Apr 2005 20:38:44 UTC "Steve Meuse" <smeuse@gmail.com> wrote:
On 4/13/05, John Palmer <nanog@adns.net> wrote:
Thank you for that information. I can leave 41/8 in my router bogon list and hopefully eliminate the Nigerian 419 problem somewhat.
Personally, I believe we should give them the chance to fail before we cut them off from the rest of the world. I don't think the majority of 419 email comes from addresses actually sourced in Nigeria.
The largest part (>90%) does originate in Nigeria. The remainder comes from countries adjacent to Nigeria such as Togo, Senegal, etc (~6%) or from the Netherlands (~4%).

Unfortunately, the traffic originating in Nigeria comes out on satellite connections which have established IP ranges assigned to the Satellite operator and configured as part of his ASN. In other words, they will mostly match the location of the Satellite downlink - UK, Denmark, or Israel etc. Typically less than 10% of the traffic from Nigeria uses IPs assigned on the basis of the network actually being in Nigeria.

The 419 scammers are so used now to port 25 on their own IP addresses being blocked (either by their own ISP or by the recipient network) that they have all but given up on direct mailing. Their main methods are to send through Webmail on a network that doesn't take subscription security sufficiently seriously (Tiscali, Microsoft Hotmail, etc) or to use a compromised server such as one running PHPNuke webmail.

Leaving 41/8 as a bogon, or otherwise filtering it, will make less than 1% overall difference in the volume of 419-style spam that you receive.

Just for completeness, the "lottery" style scams, which are another form of Advance Fee Fraud, also originate in Nigeria even though they may claim to be from people in the UK or in other parts of the EEC.

Just to keep this on topic I will relate the tale of a systems engineer who I called, to point out the volume of 419 mail coming through their mailservers. "I can't look at that now", he said, "the current load on our smarthosts is so high that the mail is backing up - and I have to get this proposal for four new servers finished for the Board tonight."

Then it suddenly dawned on him why his mail load had become so high ...

--
Richard Cox