Client host rejected: 85/8 banned for abuse

Eugen Leitl eugen at leitl.org
Fri Oct 20 06:35:58 PDT 2006


On Fri, Oct 20, 2006 at 08:24:47AM -0500, J.A. Terranson wrote:

> Ahhh, but I have a *lot* more flexibility here than SPEWS does.  I can
> set filters by individuals, and I have little need for the vast majority
> of IP space - therefore I filter very hyperaggressively for this domain.

The nice thing is that you never see those false positives. But for this
list, you'd never have seen my message.

> Prior to this "overreaction", I was receiving approximately 25K spam

Wow, wonder how you managed to attract that. I only get several
hundreds a day (malware is already filtered at MTA level), which
spamassassin catches quantitatively. I'm thinking about starting
blocking .gif/.jpeg/.png by MTA, which would catch the rest of
them. If I ever got fancy I could use greylisting and firewall
throttling of Windows hosts, or similar shenanigans. But, blocking
by RBL, never.

> emails per day (on an *average* day - there have been *much* worse!).
> Now, I see less than several hundred: a fair trade for the rare false
> positive (about 75% of which come from this list, and of which I see less
> than a dozen per year).
>
> I have literally dozens of /8s on block: All of APNIC, AFRINIC, South
> America, Israel, Russia and neighboring real estate... You get the idea.

I get the idea. You could just block the entire IP address space,
which would cut your spam rate down to zero. Ever tried that?

> The policy here is that if an abusive email gets through:
> (1) If generated by a hosting company, the entire allocation to that
> hosting company is blocked;
> (2) If from dynamic space, it was missed the first time, so added now;
> (3) If from a microallocation (/25-/32) I block the micro, and if from a
> company with significant space, but what appears to be just a compromised
> host, the /24 in which that host lives.
>
> It works.

I would call it the "nuclear glass approach" to spam. If this works
for you, great, but I don't know too many people who'd subscribe to your
approach (to which RBL hardcore nazis look like teletubbies).

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
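
The escalation policy quoted in the message above, with the address count each block list entry rejects, as an added example that is not part of the original thread. The `Allocation` record, its `kind` labels and the sample addresses (RFC 1918 and documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Allocation:
    cidr: str   # allocation the sender sits in, e.g. from whois (constructed here)
    kind: str   # "hosting", "dynamic" or "company": hypothetical labels

def block_scope(sender_ip: str, alloc: Allocation) -> ipaddress.IPv4Network:
    """Return the network the quoted policy would add to the block list."""
    ip = ipaddress.ip_address(sender_ip)
    net = ipaddress.ip_network(alloc.cidr)
    if ip not in net:
        raise ValueError(f"{ip} is not inside {net}")
    if alloc.kind in ("hosting", "dynamic"):
        return net                      # rules (1) and (2): whole allocation
    if net.prefixlen >= 25:
        return net                      # rule (3): microallocation /25-/32
    # rule (3): larger company, one compromised host: the /24 it lives in
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def covered_addresses(blocks) -> int:
    """Count addresses rejected by a list of CIDR strings, merging overlaps."""
    merged = ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocks)
    return sum(n.num_addresses for n in merged)

def is_rejected(client_ip: str, blocks) -> bool:
    """True if the connecting client falls inside any blocked range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(b) for b in blocks)

if __name__ == "__main__":
    # Constructed incidents: (offending address, allocation it belongs to)
    incidents = [
        ("10.70.1.1", Allocation("10.64.0.0/12", "hosting")),
        ("203.0.113.77", Allocation("203.0.113.64/26", "company")),
        ("10.20.30.40", Allocation("10.20.0.0/16", "company")),
    ]
    blocks = [str(block_scope(ip, alloc)) for ip, alloc in incidents]
    blocks.append("85.0.0.0/8")         # the /8 named in the subject line
    for b in blocks:
        print(f"{b:18} rejects {covered_addresses([b]):>10} addresses")
    print("total:", covered_addresses(blocks))
```

The per-entry counts are the collateral the reply is pointing at: every address in a blocked range is rejected, not only the one that sent the abusive mail.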
