nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: improved NANOG filtering

From: Rob McEwen <rob () invaluement com>
Date: Mon, 26 Oct 2015 19:37:00 -0400
On 10/26/2015 5:15 PM, Patrick W. Gilmore wrote:

And the first person who says “who has seen $URL” or similar in a message gets bounced, then bitches about “operational 
nature” of NANOG.

I think it is probably not a great idea to add things like URI checkers to NANOG. We can bitch & moan about people 
supposed to modify it to hxxp or whatever, but reality is people like to copy/paste and this is not unreasonable on NANOG.
That is a good point. Personally, I think whole spam samples should be linked to a pastebin post. and individual references to a spammer's domain or ip should have a space inserted before each dot. What can be frustrating when this isn't done ... is that discussions about spam can intermittently get filtered on the client side, sometimes by active participants in a thread... and inconsistently. which is frustrating... and which is why everyone OUGHT to use such tactics when providing spam samples or when discussing spammy IPs or domains.
But you're correct. Filtering on the server side of lists is not as simple as it sounds due to the risk of mistakenly blocking legit messages in a discussion about spam.
Still, it may not be as problematic as you think to deploy such measures. When the sender gets a rejection notice, they often figure out what happened and resend with the spam obfuscated, fwiw. If someone complains, tell them that they should have known to obfuscate the spam (or spammy domain or IP), or post the spam sample to pastebin
As least, that is my suggestion. But I know there isn't an easy answer to this. 

--
Rob McEwen
Previous By Date Next
Previous By Thread Next

Current thread: