Sudden dropoff in volume of spam

Support ePaxsys/FRWS support at EPAXSYS.NET
Sun Apr 11 23:59:34 IST 2004


At 10:32 PM 4/11/04 +0200, you wrote:
>Hi!
>
> > There are the pockets of hardcore spam IPs and hosts that constantly change
> > their 'names' but the IPs seem consistent, so maybe the ISPs themselves are
> > wising up and there are fewer out there willing to host them. One can only
> > hope.
> > A small webpage with some ongoing daily SPAM host stats is at:
> > http://www.frws.com/spam-hallofshame.html
> > and shows what we see on two servers (one a primary and the other a
> > secondary MX) serving about 52 domains and 600 users, give or take.
> >
> > Stats are always telling. We also run our own lists here to block dynamic
> > and residential hosts, as well as numerous others - and the reasons are
> > obvious once you look at the stats. And we do use SpamHaus and other RBLs
> > as well, all at the sendmail level. Keeping it off the servers in the first
> > place is our goal, less processing for the Virus and SPAM scanners that
> > way.  :>)
>
>You should consider using DSBL, and submit the proxies you find there. Both
>will profit from that. If only a few more people would submit open
>proxies also it would be even better.
>
>Scripts are on www.dsbl.org if people wanna check.
>
><plug mode=on>
>
>Oh, btw, for the newly created surbl lists there are separate
>mailing lists also, if people are interested, subscribe there.
>
>http://www.surbl.org
>http://lists.surbl.org
>
><plug mode=off>
>
>  =)
>
>Bye,
>Raymond.

I have submitted and do submit proxies to ORDB and DSBL, we use both lists.
Problem is that neither of those lists considers most of these as 'open
proxies' as they are either not REALLY Open (as in we can use them also) or
simply do not use the ports or mechanisms the mainstream lists use to test on.

A safe bet is that these hijacked machines respond to some obscure port or
method that allows those that know how to SPAM through them. They
definitely are being used to spam people, no question about that - the question
that remains is how do we test for that 'open-ness' and get a positive response?
Figure that one out and we will truly have a winner (until they change the
method again - hehe).
In the meantime we will block those hosts that 'should be using their ISP's
mail servers', in our opinion, of course (a "no-flames please"
disclaimer). Seems to do the trick for us and very few complaints
considering we handle close to a million mails a month if you count all the
servers we either supply filters for or actually manage.

Will look into your list(s) when we have a minute. *plug noted*

Cheers
JPP


ePaxsys/FRWS Technical Staff
ePaxsys, Inc. http://www.epaxsys.net
FRWS: http://www.frws.com
Live Text Support: http://www.epaxsys.net/live-help
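
Added example, not part of the original post and not the poster's own code: a connect-time check of the kind the thread describes, where a locally maintained list of dynamic/residential ranges is consulted before the DNSBLs, so hosts the public proxy lists do not test positive for can still be refused. The ranges, zone names and the stand-in resolver are constructed placeholders.

```python
import ipaddress

# Constructed sample data: documentation address ranges stand in for a
# locally maintained list of dynamic/residential pools.
LOCAL_DYNAMIC_RANGES = [ipaddress.ip_network(n) for n in
                        ("198.51.100.0/24", "203.0.113.128/25")]
# Placeholder zone names (assumption), not real lists.
DNSBL_ZONES = ["proxies.dnsbl.example", "spam.dnsbl.example"]


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_client(ip, resolve):
    """Return (action, reason) for a connecting client IP.

    resolve(name) returns a list of A-record strings, or [] on NXDOMAIN.
    """
    addr = ipaddress.IPv4Address(ip)
    # Local policy first: no DNS traffic for ranges already refused.
    for net in LOCAL_DYNAMIC_RANGES:
        if addr in net:
            return ("reject", f"local dynamic range {net}")
    for zone in DNSBL_ZONES:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Listed hosts answer inside 127.0.0.0/8; anything else is ignored
        # so a wildcarded or misbehaving zone cannot block all mail.
        if any(a.startswith("127.") for a in answers):
            return ("reject", f"listed in {zone}")
    return ("accept", "not listed")


# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "7.2.0.192.proxies.dnsbl.example": ["127.0.0.2"],
    "9.2.0.192.spam.dnsbl.example": ["203.0.113.1"],  # bogus non-127 answer
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("198.51.100.23", "192.0.2.7", "192.0.2.9", "192.0.2.50"):
        print(ip, check_client(ip, fake_resolve))
```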



More information about the MailScanner mailing list