[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Removal of IP
On Thu, May 01, 2003 at 07:52:30AM +0100, Sunday Folayan wrote:
> > I have to say that I have tried complaining to Nigerian ISPs in the past
> > about "419" scam mails, and never had any response. I don't bother any more.
>
> Its a hopeless situation and we recognise it. Most Nigerian ISPs are
> helpless. The spammers mutate, and are Normadic. They only use the local
> ISPs for their last-mile connection. We Scan outgoing SMTP mails with
> Spamassasin and kill those $38.4m rich ones, the problem is with HTTP
> POSTs. Not helping the matter is the fact that there are very many Free
> webmail sites in the world.
Sounds like you're doing a good service. Mail which are being sent via
someone else's webmail service will have a source IP which belongs to them,
so you're not at risk from being blacklisted.
But did you block port 25 outbound? Otherwise spammers can just deliver mail
directly to the recipient, bypassing your smarthost, as many spam programs
seem to do.
You could also use a layer-7 switch to transparently forward any port 25
traffic to your local smarthost (arguably more user-friendly, but you'd have
to check that your T&Cs allow this)
Often though, the solutions to behaviour problems are non-technical. If
these people are in breach of Nigerian law (for attempting fraud, not for
spamming) are you able to get the police involved? I realise this is a
difficult area though, particularly to do with releasing information about
your customers and their usage logs - even in the UK the law is still
evolving.
It also doesn't hurt to handle abuse complaints in the normal way - i.e.
track down the account, terminate it, and send back an acknowledgement mail
to the person who reported it - even if it's too late to stop any more being
sent from that account. If your customers pay you for the service then you
should be in quite a strong postion, because presumably you have to check
the identities of individuals when they sign up, so you can stop them
signing up for new accounts in the future. Of course, if the scam is
successful, they probably won't need to :-)
> If there is a method of scanning the contents of POSTs (including SSL
> POSTs) from say a web proxy server, we could build spam sentry boxes.
Unfortunately, you cannot scan SSL content. You'd have to mount a
man-in-the-middle attack, which would fail because you don't have a valid
certificate for the remote site (which is exactly why sites have
certificates in the first place). I'd say it's the responsibility of the
webmail service to control abuse by their users anyway.
On a lighter note, I don't know if you ever saw this:
http://www.theregister.co.uk/content/archive/28561.html
Regards,
Brian.
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org