on Sun, Jun 29, 2003 at 09:46:28PM +0100, Patrick Kirk (patrick@kirks.net) wrote:
> Hi all,
>
> I'm trying to put together a web data base to allow people identify
> which machines are the primary routes of spam into our Inboxes.
>
> Does anyone have a useful link? Spamcop seem to have a fine list but I
> don't really plan on spending $1000 right now.
You're trying to identify spamhosts from your incoming mail? Or you
want a list of spamming IPs?
If the latter, you should look at one or more of the RBL-type lookup
lists. These are typically queried via DNS, some are free, some are
not.
Another alternative would be to run (or monitor) a set of mailservers,
and to look at patterns in traffic coming in to them. In the, um,
little thread on challenge-response and related spam alleviation
measures, several people have described mailserver configurations in
which incoming mail is tested in realtime for spam characteristics, and
the connection the mediated accordingly (accept, reject, or hold open
the connection for a period of time).
This sort of mechanism could be trivially adapted to record connecting
IPs and the spamminess of connections received via same. In fact, such
recording itself is useful as an antispam measure. One tactic is to
deny (non-permanent error) the first connection that a mail server, any
server, makes to your host. Most servers will wait through a timeout
period of a few minutes then retry, many spam servers will either never
try again, or reconnect hours later. Adding RBL lookup checks provides
a ready means to then deny connections from known spam hosts.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Iomega: click of death, Jaz Junk, and now, NAS? Not!
http://www.google.com/search?q=iomega+jaz+drive+failure
Attachment:
pgpP49LXLhsT9.pgp
Description: PGP signature