[EMAIL PROTECTED] wrote on Sunday, October 29, 2006 6:39 PM -0500:

> Colin> Incidentally, I would like to see more effort put into the
> Colin> identifying of the originators of this aggravating stuff.
>
> That is, I think, an entirely different exercise than filtering for
> spam. Also, given that most spam these days seems to come from zombie
> hosts (at least that's my understanding), it would probably be pretty
> easy to work your way back to the originating host, but that wouldn't
> tell you much.

Zombified Windows boxes have been the major source for the last couple of years. Blacklists and word of mouth have successfully reduced the number of open relays, while unpatched Windows boxes remain plentiful. The problem of zombie hosts persists largely because a few of the world's largest ISPs do nothing when such hosts are reported on their networks. One example is Verizon.

As a defensive measure against such hosts, some MTAs make good use of "dial-up network" blacklists. While this used to be actual dial-up IP space, they are now lists of IP blocks used for dynamic IP pools or consumer-grade static connections. By listing these IP blocks, an ISP states that anyone in that IP space violates their AUP if they run an outgoing MTA that does not send mail through the ISP's smarthost, where it is subject to rate limiting and perhaps outbound virus filtering. Just as with zombie hosts, lack of cooperation by a few large ISPs makes this approach spotty.

Still, you can block lots of junk by testing the headers for IPs already on those lists. This is most effective at the incoming MTA, rather than the mail client, as you can terminate a session with a zombie host before receiving any message content. This has the advantage of reducing the bandwidth stolen by spam and results in an immediate bounce message should a legitimate message be inadvertently rejected.

Spambayes concentrates on what can be done at the MUA after deciding to accept a message. From a protocol point of view, it is not a good place to use a DNSBL.

--
Seth Goodman
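
The header test described in the message above, as an added example that is not part of the original post and is not Spambayes code: it pulls relay addresses out of `Received:` headers and checks each against a DNSBL using the usual reversed-octet query. The zone `dul.dnsbl.example`, the function names and the sample message are assumptions made up for illustration.

```python
import email
import ipaddress
import re
import socket

DNSBL_ZONE = "dul.dnsbl.example"   # hypothetical zone, stands in for a real list
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample message (documentation addresses only).
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP; Sun, 29 Oct 2006 18:00:00 -0500\n"
    "Received: from pool-99.dyn.example.com (unknown [203.0.113.99])\n"
    "\tby mx.example.net with SMTP; Sun, 29 Oct 2006 17:59:00 -0500\n"
    "Received: from localhost ([127.0.0.1]) by pool-99.dyn.example.com\n"
    "Subject: constructed sample\n\nbody\n"
)

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reversed octets plus zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Listed hosts resolve to an address in 127.0.0.0/8; NXDOMAIN means unlisted."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except (OSError, ValueError):
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from Received headers, newest hop first.
    Only hops recorded by your own MTA are trustworthy; older ones can be forged."""
    found = []
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:      # e.g. [999.1.1.1] matches the regex only
                continue
            if not any(addr in net for net in NOT_ROUTABLE) and text not in found:
                found.append(text)
    return found

def listed_relays(raw_message, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    return [ip for ip in relay_ips(raw_message) if is_listed(ip, zone, resolve)]
```

The `resolve` parameter exists so the lookup can be swapped for a stub when testing offline; with the default, each call performs a real DNS query against the configured zone.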
