ojing
join:2004-03-09
Norwalk, CT
| reply to SuperJudge
Blocklisting? Ho hum
A friend of mine on Cablevision's OptimumOnLine gets blocklisted all the time. Perhaps once per week. Goes through the effort to get his particular address unblocked. Result? Nothing by Cablevision except to admit that a good portion of their users are spammers.
Can someone with more experience tell me whether their system is particularly non secure? (That was not an invitation to hack them, though I suspect that any attacks generated by the good people who visit this site would be totally swamped by the current spam.) |
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Well does he have any spam trojans? That would be my first question. My second question would be, what blocklists did he make it onto? Is his IP on the Spamcop spam sources list? Does he change IP often?
--
Jimmysquid.com - I take pictures. |
|
ojing
join:2004-03-09
Norwalk, CT
| His machine is clean. Latest AV, router and Macintosh help with that. But the IPs are dynamic and he gets allocated addresses that are on black lists. Curious, I was looking to see which ones but could not find any, I was hoping that BBR could shed some light on this. Was the Optimumonline rep spewing? Do they run open proxys or relays? Seems unlikely in this day and age but perhaps the only obstacle to spam on their system is via MAC addresses.
Don't know. Would be interesting to find out. Give us DSL users something to fling back into the face of the superfast optimumonline crowd (other than reliable mail and free dial-up accounts). |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| reply to ojing
blocked using dynablock.njabl.org (total: 780)
162 comcast.net
57 rr.com
55 optonline.net
48 pacbell.net
35 ameritech.net
34 attbi.com
22 dsl-verizon.net
19 adelphia.net
19 swbell.net
19 t-dialin.net
16 charter.com
14 verizon.net
13 telus.net
I use RBL's to help cut back the SPAM influx. One such RBL specifically targets dynamic IP sources. The above is a partial report for my home mail servers.
The ones at work, in the space of six hours, used this same RBL to block over 15,000 emails. The distribution of guilty domains was nearly identical to the above and in roughly the same proportions. So, take each of those number and multiply by fifteeen and change. You'll see how much a simple RBL on a moderately busy server can block.
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" |
|
add14pw
join:2004-01-26
| reply to ojing
If he's sending directly from his computer (not via the Optimum Online SMTP server) much of his email is going to be blocked by me, AOL and many other places. Mail direct from dynamic addresses is routinely blocked these days because of spam from machines which are compromised by security problems.
Also, if a spamming attack does get a machine on the OO network, that machine's IP address is rapidly added to the spam source blacklists and gets blocked by lots of other people. That sort of blacklist will often be used to block the email if it was from the IP address at any point, even if it was sent via the legitimate SMTP server ultimately.
Some blacklists are also not very well handled and may block the whole domain instead of just the compromised machines. These are probably mostly the places which haven't yet discovered that blocking mail coming directly from dynamic addresses is less disruptive. This is particularly problematic when some exploits and spam uses bogus from addresses.
Spamming software can also use the legitimate SMTP server of OO once it gets on the machine, so that can end up with the legitimate OO outgoing SMTP server blocked for a while (hopefully only for a while).
The best he can do is send via the OO SMTP server instead of directly (if he's sending directly) and suffer when OO takes too long to catch abuse of that SMTP server. |
|
