on Sun, Jun 29, 2003 at 09:46:28PM +0100, Patrick Kirk (patrick@kirks.net) wrote: > Hi all, > > I'm trying to put together a web data base to allow people identify > which machines are the primary routes of spam into our Inboxes. > > Does anyone have a useful link? Spamcop seem to have a fine list but I > don't really plan on spending $1000 right now. You're trying to identify spamhosts from your incoming mail? Or you want a list of spamming IPs? If the latter, you should look at one or more of the RBL-type lookup lists. These are typically queried via DNS, some are free, some are not. Another alternative would be to run (or monitor) a set of mailservers, and to look at patterns in traffic coming in to them. In the, um, little thread on challenge-response and related spam alleviation measures, several people have described mailserver configurations in which incoming mail is tested in realtime for spam characteristics, and the connection the mediated accordingly (accept, reject, or hold open the connection for a period of time). This sort of mechanism could be trivially adapted to record connecting IPs and the spamminess of connections received via same. In fact, such recording itself is useful as an antispam measure. One tactic is to deny (non-permanent error) the first connection that a mail server, any server, makes to your host. Most servers will wait through a timeout period of a few minutes then retry, many spam servers will either never try again, or reconnect hours later. Adding RBL lookup checks provides a ready means to then deny connections from known spam hosts. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Iomega: click of death, Jaz Junk, and now, NAS? Not! http://www.google.com/search?q=iomega+jaz+drive+failure
Attachment:
pgpP49LXLhsT9.pgp
Description: PGP signature