nanog mailing list archives
Re: New IANA IPv4 allocation to AfriNIC (41/8)
From: Richard Cox <Richard () mandarin com>
Date: Wed, 13 Apr 2005 22:22:30 +0000
On Wed, 13 Apr 2005 20:38:44 UTC "Steve Meuse" <smeuse () gmail com> wrote:
On 4/13/05, John Palmer <nanog () adns net> wrote:Thank you for that information. I can leave 41/8 in my router bogon list and hopefully eliminate the Nigerian 419 problem somewhat.Personally, I believe we should give them the chance to fail before we cut them off from the rest of the world. I don't think the majority of 419 email comes from addresses actually sourced in Nigeria.
The largest part (>90%) does originate in Nigeria. The remainder comes from countries adjacent to Nigeria such as Togo, Senegal, etc (~6%) or from the Netherlands (~4%) Unfortunately, the traffic originating in Nigeria comes out on satellite connections which have established IP ranges assigned to the Satellite operator and configured as part of his ASN. In other words, they will mostly match the location of the Satellite downlink - UK, Denmark, or Israel etc. Typically less than 10% of the traffic from Nigeria uses IPs assigned on the basis of the network actually being in Nigeria. The 419 scammers are so used now to port 25 on their own IP addresses being blocked (either by their own ISP or by the recipient network) that they have all but given up on direct mailing. Their main methods are to send through Webmail on a network that doesn't take subscription security sufficiently seriously (Tiscali, Microsoft Hotmail, etc) or to use a compromised server such one running PHPNuke webmail. Leaving 41/8 as a bogon, or otherwise filtering it, will make less than 1% overall difference in the volume of 419-style spam that you receive. Just for completeness, the "lottery" style scams, which are another form of Advance Fee Fraud, also originate in Nigeria even though they may claim to be from people in the UK or in other parts of the EEC. Just to keep this on topic I will relate the tale of a systems engineer who I called, to point out the volume of 419 mail coming through their mailservers. "I can't look at that now", he said, "the current load on our smarthosts is so high that the mail is backing up - and I have to get this proposal for four new servers finished for the Board tonight" Then it suddenly dawned on him why his mail load had become so high ... -- Richard Cox
Current thread:
- Re: New IANA IPv4 allocation to AfriNIC (41/8), (continued)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Doug Barton (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Stephane Bortzmeyer (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) John Palmer (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Steve Meuse (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Gary E. Miller (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Scott Weeks (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) John Palmer (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Scott Weeks (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Nils Ketelsen (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Hank Nussbacher (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Steve Meuse (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Richard Cox (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Randy Bush (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Dan Hollis (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Richard Cox (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Steve Meuse (Apr 13)
- Re: New IANA IPv4 allocation to AfriNIC (41/8) Randy Bush (Apr 13)
- where 419 scams come from (was: Re: New IANA IPv4 allocation to AfriNIC (41/8)) Steven Champeon (Apr 13)