nanog mailing list archives
Re: Barracuda Networks Spam Firewall
From: James Couzens <jcouzens () 6o4 ca>
Date: Wed, 19 May 2004 17:06:19 -0700
On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
extract hostname from url, dig on hostname, whois on addr, and nine times out of ten the host is in a CN netblock. that's from the spam that gets into my mailbox.
Yes I understand that is what you meant. I just did this on 5 spam in my mail box, I got: Domain Name: AAFMALE.BIZ (www.aafmale.biz) Registrant Country: Canada Resolves to address: 218.232.109.220 (KRNIC-K) (Korea) Domain Name: PLANENEWS.COM Registrant Country: France Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States) Domain Name: MIRGOS.ORG Registrant Country: Russia Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea) Domain Name: WINSPR.BIZ (iityvzbtpvw.winspr.biz) Registrant Country: New Zealand Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China) While it is only 5 mails, and certainly nothing to judge by, it does not seem to be 90%. Although Korea under APNIC it is not China.
let me state AGAIN that what I really want is a plugin that allows for cidr match-lists so that I can also include the handful of non-enforcing hosters in Russia, New York, Florida, etc. One responder also suggested ASN matchlists but I'm not that mad.
What sort of plugin? MTA? MUA? Going back to my previous e-mail, all of this effort I think is being placed in the wrong direction. Focus should be placed on preventing forgery, and educating users. If we spent the money we are dropping on hardware and software to stop spam (its in the BILLIONS) on educating users and pushing anti-forgery / sender authentication/verification methods forward, we'd have an easier time of all this. Cheers, James -- James Couzens, Programmer ----------------------------------------------------------------- http://libspf.org -- ANSI C Sender Policy Framework library http://libsrs.org -- ANSI C Sender Rewriting Scheme library ----------------------------------------------------------------- PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Barracuda Networks Spam Firewall, (continued)
- Re: Barracuda Networks Spam Firewall Mike Tancsa (May 17)
- Re: Barracuda Networks Spam Firewall Raymond Dijkxhoorn (May 17)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 18)
- Re: Barracuda Networks Spam Firewall Petri Helenius (May 18)
- Re: Barracuda Networks Spam Firewall James Couzens (May 19)
- Re: Barracuda Networks Spam Firewall Steven Champeon (May 19)
- Re: Barracuda Networks Spam Firewall Dan Hollis (May 19)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 19)
- Re: Barracuda Networks Spam Firewall James Couzens (May 19)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 19)
- Re: Barracuda Networks Spam Firewall James Couzens (May 19)
- Re: Barracuda Networks Spam Firewall Bruce Pinsky (May 19)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 19)
- Re: Barracuda Networks Spam Firewall Randy Bush (May 19)
- Re: Barracuda Networks Spam Firewall James Couzens (May 19)
- Re: Barracuda Networks Spam Firewall joe (May 19)
- Re: Barracuda Networks Spam Firewall Susan Harris (May 20)
- Re: Barracuda Networks Spam Firewall Valdis . Kletnieks (May 20)
- Re: Barracuda Networks Spam Firewall Rik van Riel (May 20)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 20)
- Re: Barracuda Networks Spam Firewall Per Gregers Bilse (May 20)