On Wed, 10 Jul 2002, Theo Van Dinter wrote:
> Blocking viruses/worms is different than blocking spam.  Worms typically
> come in from people who didn't mean to send the message, but they got
> infected.  You don't want to block them, you want to block their message
> -- that's when you do content filtering.

Actually, it's not different--the address is expired shortly either way. A
spammer on dialup uses the same IP address as the next user who is not a
spammer.  The infected virus sender should be blocked until they are
disinfected.  A lot of viruses send spam.  I agree that content filtering
is definitely useful.

> Spammers very much do use open relays to send their mails to help
> obfuscate where they're coming from.  You still want to do content
> filtering to catch their spam, but you want to block the open relays so
> that you stop receiving stuff from these servers.

Yes and no. There are clearly some people out there abusing relays.
"Spammers" meaning people sending mail who are really trying to sell
things tend not to be the abusers of our relays, nor am I the recipient of
such commercial mail sent through other open relays.  Most of the real
commercial spammers have their own relays (for example,
datacommarketing.com).  They usually send direct, or through their ISP's
relays.  They tend not to be relay abusers.  If they abused our relay,
we'd charge them for services, and our lawyers would go after a company.
So would other open relay operators.
 
There are "spammers" meaning anti-spammers who are abusing relays to annoy
people and who do send mail through open relays. Most of this obviously
isn't commercial.  Some of it appears commercial at first glance (e.g.
Norton Anti-virus $69) but isn't really commercial--Norton isn't doing this,
and there isn't any contact information, and the price is wrong, etc.
Close inspection reveals it's not really commercial. Much of this is easily
blocked, but some gets through.

Some of the addresses listed by the open relay blacklists aren't open
relays at all, but are systems they apparently run to generate abuse.

All of this can be blocked using content filtering. You don't want to
block open relays, or use open relay black lists. Doing so just opens you
up to unwanted participation in someone's revenge kick or a scam, or both.

Open relays can be protected just like any other mail server.  The people
who claim otherwise and who operate black lists are in nearly every case
the abusers of open relays, which can be seen by testing their services.

Don't be scammed by open relay black lists.

                --Dean


---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.
