At 08:29 AM 11/17/99 -0800, [EMAIL PROTECTED] wrote:
>> Yes, I think this is AOL bashing.  But I think it is for cause.
>> They have some serious problems that affect their customer's
>> service, and they show no interest in fixing them.

>I just read somewhere AOL estimates they get 18 million SPAMs per  
>day.

No, they probably get 16 million spams and drop 2 million legit pieces of
mail on the floor and call them spam.

>I have to wonder how I would deal with that level of  
>rejection.  There ain't no good way, short of changing the nature of  
>the net from mostly anonymous to complete big-brotherism, which is  
>not something I'd like to see.  Will probably happen though.

Let's see: It is a bad thing to bounce 1,000,000 spams to a domain.  But
you are probably doing name server lookups.  You are also AOL, which has a
custom mail system and, supposedly, some pretty smart people working there.
 So when you bounce a spam you do a lookup in some special nameserver or
array of nameservers that talk, and when the bounce return nameserver hits
1000 lookups for a particular domain it starts returning a special answer
that says, "throw on floor" and it also generates a single mail indicating
that the bounce limit is reached to the postmaster of that domain and
apologizing.  Heck, you could adjust this to be a proportion of correctly
delivered mail from the domain.  There are lots of good ways to deal with
this.

Real hard to do?  Not enough capacity?  Goes back to a question of oversold
capacity and ability.  AOL has a hard problem to deal with -- more e-mail
than we can imagine.  Takes lots of servers, lots of capacity, lots of
special coding.  They purport to deal with the mail and charge for having
done so.  They tried to trademark the phrase, "You've got mail".  They
therefore have an obligation to do the job in more than a half-assed
fashion, and not to run screaming while waving their hands in the air
saying, "Oh, tooo hard! Tooooo hard!"

I worked on the Nagano Olympics.  In my viewpoint, 18 million/day is not
that many.  It is just a question of capacity and scalability, having a big
enough engine to run the database and so forth.

>From recent experience (actually with a system hacker who left  
>traces in the tcpd logs, and didn't delete them in time), it is  
>possible to follow some SPAM back to the perp, unless they used a  
>hacked credit card to set up the original account.  The headers  
>_usually_ include the actual dialup account from which it was sent.

Unless the first relay really wasn't, or they were running an old mailer
that didn't build a proper received line.
   
>I think it's possible to forge that as well, but it's not usually  
>done.

I think it is real hard.  I guess you could do a syn attack and do the
whole conversation blind. :-)  Or you could subvert backbone routers.
There are not too many other ways to fake an IP.

>  That and the timestamp of the forwarding host provide  
>sufficient information for the dialup provider to identify the  
>dial-up client who was on that line at the time.  However, it is  
>very difficult to get a dialup provider to do the work, much less  
>provide it to anyone else, even with a court order.

Hmmm.  You mean to tell me that there are ISPs who are refusing to honor
subpoenas?  Usually this means that they will get fined for contempt unless
they are out of jurisdiction.  I'll admit that I'm throwing up my hands on
Japan and Korea relayed spam these days.  I have considered configuring my
system to bounce all mail from any jp or kr domain.
--
That which does not kill us, makes us stronger.
That which does kill us makes us smell stronger, after a few days, anyway.
Nick Simicich mailto:[EMAIL PROTECTED] or (last choice)
mailto:[EMAIL PROTECTED]
http://scifi.squawk.com/njs.html -- Stop by and Light Up The World!
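
Added example, not part of the original message and not AOL's code: a sketch of the per-domain bounce limit the message describes (bounce up to a limit, then "throw on floor" and send a single notice to the domain's postmaster, optionally scaling the limit with correctly delivered mail). The class name, method names, the in-memory counters standing in for the "special nameserver", and the notice wording are assumptions; the limit of 1000 is the figure from the message.

```python
from collections import defaultdict

BOUNCE_LIMIT = 1000  # figure used in the message


def _norm(domain):
    """Compare domains case-insensitively and without a trailing dot."""
    return domain.strip().lower().rstrip(".")


class BounceLimiter:
    """Hypothetical per-domain bounce counter (in-memory stand-in)."""

    def __init__(self, limit=BOUNCE_LIMIT, ratio=None):
        self.limit = limit
        # Optional: allow bounces up to this fraction of the mail
        # correctly delivered from the domain, if that exceeds the limit.
        self.ratio = ratio
        self.bounces = defaultdict(int)
        self.delivered = defaultdict(int)
        self.notified = set()
        self.outbox = []  # (recipient, text) notices queued for sending

    def record_delivery(self, domain):
        self.delivered[_norm(domain)] += 1

    def _allowed(self, domain):
        if self.ratio is None:
            return self.limit
        return max(self.limit, int(self.ratio * self.delivered[domain]))

    def on_undeliverable(self, domain):
        """Return 'bounce' while under the limit, otherwise 'drop'."""
        domain = _norm(domain)
        if self.bounces[domain] < self._allowed(domain):
            self.bounces[domain] += 1
            return "bounce"
        # Over the limit: one apology to the postmaster, then silence.
        if domain not in self.notified:
            self.notified.add(domain)
            self.outbox.append((
                "postmaster@" + domain,
                "Bounce limit reached for %s after %d bounces; further "
                "undeliverable mail claiming your domain is being dropped. "
                "Apologies for the volume." % (domain, self.bounces[domain]),
            ))
        return "drop"
```

The message does not say when the counter resets, so none is implemented here; a real deployment would expire counts on some window.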
