At 5:34 PM -0400 9/3/2003, Chuck Martin wrote:
>I have read messages from several of you who say you check out all spam
>you receive, find the source, and blacklist it locally. I decided to
>try this myself today, but think I must have a huge knowledge gap. I
>just looked at my last 12, and found each one was from a unique IP.
>Maybe this is not enough messages to search, but so far it doesn't look
>like too promising a technique. As I am told the only Received: header
>I can trust is the last (top) one, that is where I got the IP. Maybe I
>need to get them from the SIMS log instead. Is that why I got the
>results I got, or is there some other problem causing me not to see a
>pattern?

Chuck,

I saved all my spam (what got past my spamtraps and RBLs) for several months and wrote a script to extract the Received: from header IP addresses from the batch. The IP addresses were 98-99% unique. Very few repeats. With the wide availability of Open proxies, the spammers keep moving to ever new IP addresses.

Manual blacklisting is good for when some jerk pounds your server day after day with dictionary attacks and such. It seems like a waste of time to manually blacklist the IP address of the spam that gets through. It would be a full-time job and then some. And you'd have a very big blacklist.

-- 
Warren Michelsen <[EMAIL PROTECTED]>
Online Tools For Business -- <http://www.OTFB.com/>
Small Business & E-commerce web hosting
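
An added example (not Warren's script, which the message does not show) of the measurement described above: take the topmost Received: header of each saved message, pull the connecting IP, and report how many addresses repeat. The bracketed-IP header layout, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: the receiving MTA records the connecting address in square
# brackets, e.g. "from host ([192.0.2.10]) by ..."; adjust for your server.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample batch (RFC 5737 documentation addresses, not real spam).
SAMPLE_BATCH = [
    "Received: from a.example ([192.0.2.10]) by mx.local.example; 3 Sep 2003\n"
    "Received: from forged.example ([198.51.100.99]) by a.example\n"
    "Subject: one\n\nbody\n",
    "Received: from b.example ([198.51.100.7]) by mx.local.example; 3 Sep 2003\n"
    "Subject: two\n\nbody\n",
    "Received: from c.example ([192.0.2.10]) by mx.local.example; 3 Sep 2003\n"
    "Subject: three\n\nbody\n",
    "Received: from d.example ([203.0.113.5]) by mx.local.example; 3 Sep 2003\n"
    "Subject: four\n\nbody\n",
    "Subject: no trace headers\n\nbody\n",
]

def top_received_ip(raw_message):
    """Return the IP from the topmost Received: header, or None if absent."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Per the thread, only the top header (added by our own server) is trusted.
    match = IP_RE.search(received[0])
    return match.group(1) if match else None

def source_ip_stats(batch):
    """Count source IPs across a batch and report how many repeat."""
    counts, skipped = Counter(), 0
    for raw in batch:
        ip = top_received_ip(raw)
        if ip is None:
            skipped += 1
        else:
            counts[ip] += 1
    total = sum(counts.values())
    return {
        "total": total,
        "distinct": len(counts),
        "unique_pct": 100.0 * len(counts) / total if total else 0.0,
        "repeats": {ip: n for ip, n in counts.items() if n > 1},
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(source_ip_stats(SAMPLE_BATCH))
```

A `unique_pct` near 100 with an almost empty `repeats` map is the pattern both messages report, and it means per-IP blocking of delivered spam will rarely match a second message.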
