what I meant. I am not talking about an ISP filter words. What I mean is it
wouldn't take a rocket scientist to know which ISP companies are allowing
spammers

example, from one MX for 24 hours yesterday, the qty of SMTP session per domain.tld:


use the lines I've marked "legit", then consider the size of their legit user ans how many connections AOL made to the server, then compare with the SMTP sessions from the network operator domains who all have comparatively minuscule users vs AOL, and you see the magnitude of the "subscriber network" problem:

Host/Domain Summary: SMTPD Connections (top 60)
 connections  time conn.  avg./conn.  max. time  host/domain
 -----------  ----------  ----------  ---------  -----------
   10691       10:38:05          4s       142s   comcast.net
    6861        6:07:02          3s       140s   rr.com
    6696        4:18:23          2s       123s   aol.com   < assume legit
    6027        9:14:21          6s      1055s   pacbell.net
    5979        1:01:21          1s        52s   yahoo.com  < assume legit
    5608        0:03:05          0s         5s   usd232.org
    4765        6:06:33          5s       323s   ameritech.net
    4525        8:25:04          7s        24s   acernautic.com
    4240        6:22:56          5s      2142s   charter.com
    4131        3:31:03          3s       231s   verizon.net
    3294        1:04:06          1s       108s   bellsouth.net
    2934        0:17:53          0s         4s   outpeake.com
    2803        4:07:12          5s       218s   dsl-verizon.net
    2695        0:27:39          1s        45s   hotmail.com  < assume legit
    2630        2:42:35          4s       153s   swbell.net
    2581        0:13:30          0s        16s   charter.net
    2577        0:17:17          0s         7s   rts.edu
    2389        2:27:38          4s        83s   attbi.com
    2341        5:50:10          9s       162s   auna.net
    2268        4:54:39          8s        90s   blueyonder.co.uk
    2203        0:15:11          0s        15s   earthlink.net  < assume legit
    2159        0:11:32          0s         3s   nobleguild.com
    1990        3:47:18          7s        63s   proxad.net
    1945        1:57:30          4s       477s   mindspring.com
    1889        2:11:46          4s        77s   bbtec.net
    1854        4:00:26          8s        12s   asandox.com
    1778        1:56:45          4s        63s   shawcable.net
    1718        1:55:35          4s        96s   adelphia.net
    1656        7:16:50         16s       192s   rima-tde.net
    1575        0:05:37          0s         3s   ihomefinder.com
    1535        4:14:14         10s       191s   t-dialin.net
    1475        2:29:50          6s       144s   whambambrands.com
    1408        2:48:31          7s       131s   virtua.com.br
    1367        0:18:39          1s         4s   tendermist.com
    1308        3:39:28         10s        70s   anteon.com
    1274        0:10:53          1s        16s   blackberry.net
    1181        3:31:50         11s       108s   telesp.net.br
    1164        1:51:45          6s        12s   dartmail.net
    1070        2:21:06          8s        19s   bevivek.com
    1057        0:07:11          0s        11s   bocanetworkservices.com
    1044        0:09:59          1s        15s   ohthatsfunny.com
    1031        1:01:13          4s      1039s   cox.net
    1019        3:30:33         12s       151s   ono.com
     974        2:03:36          8s        65s   hinet.net
     967        1:48:17          7s        17s   golfshore.com
     956        1:56:39          7s        13s   havagreatday.com
     948        0:04:38          0s         6s   blue-mx07.net
     912        1:29:20          6s        70s   rogers.com
     899        1:36:50          6s        51s   villner.com
     870        0:37:52          3s        47s   qwest.net
     862        2:02:49          9s        69s   hkcable.com.hk
     836        0:46:58          3s        32s   charter-stl.com
     833        1:07:00          5s        51s   ocn.ne.jp
     785        1:11:49          5s      1428s   covad.net
     754        1:12:05          6s         9s   m0.net
     743        0:03:01          0s         4s   hotqualitydeals.com
     730        0:59:43          5s        70s   charterpipeline.net
     727        0:12:53          1s        12s   elementum-inc.com

90% of the above is abuse

 and it wouldn't be that hard for them to monitor it and put a stop
to the true spammers.

hard or not, the above have been spewing for years, so expect them to continue spewing and NOT blocking port 25 access from the above networks.


I've looked at this activity by looking at the PTR domains of IP that get greylisted (non-MTAs that don't retry even once). Exactly the same networks.

It would only require a few samples per IP that is mass mailing. Easy to detect which IP's are mass mailing.

You really have no idea. The above network operators have many 1000's of IPs spewing 24x7.


Len

_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to