[Assp-user] An idea on gathering more IPs to block

Wed, 04 Apr 2007 13:22:20 -0700 

I was looking through some of my spams and came up with an idea that I 
thought I'd share with the list.  It may be a stupid idea, so flame away 
if if I'm missing the obvious.

Although its technically possible, the feasibility of implementing this 
concept (or something like it) would fall to someone else since I'm not 
a Perl guru.

But basically, I see considerable spam that has traversed multiple hosts 
before I see it.

Since the IP address of the original sender can be gathered from the 
headers, would it make sense to weight those IPs prior to ever receiving 
email from them?

For example, if my fresh spam has gone from SenderIP --> Open Host --> 
ISP Relay --> Me, would it not seem logical to pull out the Sender IP 
and add it to my by grey list? And perhaps the Open Host as well?

In essence, IPs associated with the transmission of spam get their grey 
list valued bumped?

Here's a snippet from a spam email (original email replaced with one of 
my spamtrap addresses). This one went from SenderIP --> ISP relay --> Me.

Received: from IFINOSPAM ([My_ASSP_IP_Address])
        by mail.internetfinesse.com (Internet Finesse SMTP Daemon v1.9) 
with SMTP id AFA37523
        for <[EMAIL PROTECTED]>; Tue, 03 Apr 2007 20:10:20 
-0500
Received: from 121.162.52.22 ([121.162.52.22] helo=com1.kornet.net) by
    IFINOSPAM; 3 Apr 2007 20:10:03 -0500
Return-Path: <[EMAIL PROTECTED]>
Received: from 205.178.149.7 (HELO 
INBOUND.EXPLOREHIMALAYA.COM.NETSOLMAIL.NET)
     by internetfinesse.com with esmtp (+(TGOV.HL' -0,+()
     id 21TA*T->(@,W*-Y(
     for [EMAIL PROTECTED]; Wed, 4 Apr 2007 01:09:54 -0900

Would it be possible, therefore, that during spam DB rebuild, that the 
IP address of 205.178.149.7 (which did not send to me directly) could be 
added or bumped in the grey list just in case?

Would this even be a good idea or would it buy us anything?

Just a thought.

Chris

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to