I am confused, how would filtering at the smtp port on source address work? If delivery fails, does not the sender often use MX records and send via an intermediary host? If so the source address is lost unless all the MX hosts have the same filter list. And in any case I believe that typically sendmail will accept email from anyone for delivery to anyone. So a spammer could scatter his emails all over the Internet thru thousands of intermediate hosts, if he used the right software to do it. Best Regards, Robert Laughlin ---------------------------------------------------------------------------- DataXchange sales: 800-863-1550 http://www.dx.net Network Operations Center: 703-903-7412 -or- 888-903-7412 ---------------------------------------------------------------------------- On Wed, 19 Feb 1997, Karl Denninger wrote:
Filtering by domain names doesn't work. Filtering by email source address doesn't work. Complaining, by itself, doesn't work. Asking to be removed from the spammer's spam list VERY DEFINITELY doesn't work.
Filtering by connection to the SMTP port, based on source address, very definitely DOES work.
Removing people from the cooperative portion of the Internet works fine.
Overbroad and unnecessary.
If those of us who "fight spam" laid back and did nothing, you and every other online Internet user would be getting ten spams an hour by this time. It took a legal judgement against Sanford Wallace to get him to stop spamming all of AOL and Compuserve. Jeff Slaton finds it hard to get a new internet connection every time he soils a new nest.
And again, unnecessary and overbroad. Filtering at the SMTP receiver port is perfectly fine, it works, and it doesn't prevent other traffic.
The BGP peerage pressures are trending the Internet toward settlements, which is not a cooperative economic system. In such a system it will be hard as nails to get a new ISP started since the people you want to peer with won't want you as anything but a customer. However, the one side benefit will be that spamming will cost as much, or more, than postal system advertising. I would like to solve the problem with social pressure, but sooner or later it will be solved by making a new noncooperative economic underpinning.
CIDR and provider-based network numbering has already done that Paul, unless you like being tied to your upstream provider in perpetuity.
Or, in the other case, you only like selling dynamic dial-up with no permanent addresses mapped to DNS names *anywhere* on your network or those of your customers. Those ISPs *ARE* a dying breed, if they're not already dead.
Wholesale filtering sets an ugly precedent. If someone was sending SYN packets with random port numbers it would be one thing (and the only effective thing that could be done) but in this particular case it is neither necessary NOR, in my opinion, appropriate for a network which operates a *PUBLIC* resource.
You speak of cooperative models on one hand, yet don't support those on the other (e.g. eDNS). The truth is evident when you start erecting full-blown packet filters, which are unnecessary, as a response to a personal affront.
It took me 30 seconds to add Earthlink's POPs to my SPAM-blocker SMTP port reject list this morning. That has a near-zero impact on legitimate email delivery, but it stops cold any attempt to relay spam through our mailservers.
That's a point-source response to the problem Paul. Try it on sometime.
-- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal