Re: Frank Carmickle and Marco Paganini must die
Michelle Konzack [u] wrote on 20/09/2004 15:38:
Am 2004-09-20 08:05:05, schrieb John Goerzen:
On Sunday 19 September 2004 5:53 pm, Russell Coker wrote:
Please stop using this brain-dead blacklist.
What is wrong with it? End-user machines should not send email
directly, they should use the mail server from their ISP.
That makes no sense. Plenty ISP mail servers are poorly configured.
Yes, this is why SPAMers can not use it...
Pardon me? I know at least three big ISPs in Germany who had their
poorly configured mail servers (which they enforced on their users by
blocking outgoing port 25) abused as spam relays more than once.
My home mail server which is currently running on a dynamic IP ADSL line
has of yet never been used as a spam relay (though several tried to do so).
Known to drop mail. Deliver mail too slowly to be useful. Force users
Yeah, droping all the SPAM
Not only spam.
to use their e-mail address from that ISP. Unreliable.
Not right. Most ISP's allow sending with other E-Mails
All: Certainly not.
The list goes on.
If someone has their own mail server, that makes perfect sense to me.
Good for SPAMers ?
Sorry, but most spam isn't send by regular MTAs like Exim/Postfix or
sendmail these days, but by trojans on some end user's machines. And
many (though not most) of those actually come along with a virtually
static IP (NAT in a company network).
Why are some nodes on the Internet more deserving than others? Why do
you discriminate against those with cheap Internet access? Why is a
T-1 user more deserving to exchange mail with you than a dialup or DSL
For SPAMers you will get them very quickly if they use T1/E1 or
something like this, and they can be stoped bei RIPE for example.
RIPE isn't easily blocking any IPs. But you are still right in some way:
It is far easier to track down who sent the SPAM if it came from a
SPAMers from Dynamic IP's are different.
Now, we know, that most SPAM does not come directly from the ADSL-
Account owner, because most of them are infected with Viruses which do
Blocking MAIL from DUL/DSL is the right thing.
Wrong. For two reasons:
1) You force people on DUL/DSL to use email servers which they might
not want to use. At least one of the three ISPs mentioned above is
regularly listed in various open relay block lists. This is also
true for various (sic!) other providers which offer but don't enforce
use of their mail server as a relay for their users.
2) The DUL/DSL blacklists are often wrong. My former static IP was more
often than not listed in one or more of those blocklists just because
it was in a subnet near a dynamic DUL/DSL IP subnet. Even though a
whois on that IP returned my person object and not the providers
If we were in a perfect world, mail from DUL/DSL users would use the
secure mail servers of their ISP.
In August it was very silent, have only 2300 SPAMs gotten. Now we have
the 2004-09-20 and I have already 56.000 SPAMS.
Most (97%) coming directly to my address firstname.lastname@example.org and
around 80% of the SPAM is coming from DUL/DSL
SO? Do you have any idea how many non-spam mails you have blocked?
Please note, that I have only an ADSL 1024/128kBit and my Fileserver
(Duron 1600) with fetchmail, procmail and courier-imap must handel it.
Hmm. I have no idea how you reached that amount of spam. 56000 Spams in
20 days is 2800 spams a day. Hell, I get only one fourth of that at best
(hmm, worst), and that is with 20 open-to-any-poster mailinglists which
consist mostly of spam these days.
But still, IMHO it is wrong to block MTAs just because they (appear to)
send from a dynamic IP range (DUL/DSL). I would however agree that
sending from dynamic IP is an additional hint that it might be spam.