Mail Archives: cygwin/2003/07/18/17:38:17
Earnie Boyd wrote:
> When you bounce that type of SPAM then you are participating in the DoS.
I agree completely with this statement, and although I thought the idea
of "wpoison" was technically "cool" it also does nothing to ebb the
tide, and in fact only increases the level of the floodwaters by causing
the spammers to generate more bogus emails that need to be sent and
processed. SpamAssassin is also "cool" but once the spam is already on
the network it's bad news no matter how it gets stored, filtered, and
processed. Even the best of filters have their downside and most don't
throw anything away in fear of a "real" email getting tossed. I for one
would love to see a more "active prevention" of spam!
My current thoughts.. Most spammers use open relays as their way to move
their email into the legitimate Internet email system. So, modify an
SMTP-like process to look like a normal sendmail, only it will forward just
one or two messages (i.e. the spammers open relay test) for each
connecting host and then log that host and email address into a database
as well as reporting the host to the RBL, ISP, etc. For any subsequent
access from that address this process should simply "eat" the email but
act as if it is accepting and delivering it. For each subsequent email
received from that host address it simply delays the connection flow
like the LaBrea tar-pit project did it, thus limiting the connection
bandwidth and slowing their delivery engine to a snail's pace. This
essentially captures the spammers' sending process while
simultaneously dumping what little they manage to get out the door
straight to /dev/null. No filter processing required! As long as I don't
pay for the minimal/controlled bandwidth, and I play nice with others, I
probably won't even know they are trying to abuse me since it would take
near zero cpu cycles to toss everything.
Face it, anybody trying to use my PC to send an email is obviously up to
no-good, and I don't guarantee delivery since they are not paying for my
services. If they find something living on my port 25 I never said it
was a "sendmail", that’s just their assumption. If enough machines on
the internet listened on port 25 out there and "ate" all the spammers
junk like this then the spammers would have a tough time staying in
business by trying to use open relays, because they would never know if
their cruft was /dev/null'ed or not. If they stop using open relays then
all the RBLs will work like a charm even without all the fancy AI
filters! Less traffic, less storage, less processing, everybody wins.
All the spammers would know is that it took a VERY-LONG-TIME to send
everything, so maybe it's just a slow network? - lol
Sorry for this rant, but so as not to be too off-topic, if I ever did do
something like this in the future then Cygwin is going to be the
“perfect weapon” to fight back with, because there are lots of machines
out there running Windo$e, and the more tar-pits out there the better! 8^>
Since this is not completely Cygwin related, please contact me off-line
if you have any comments or ideas on this topic.
Steve.
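
The per-host policy sketched in the message above (forward the first one or two probe messages, log and report the host, then acknowledge but discard everything else while stalling the sender), as an added example that is not part of the original post or of any Cygwin code. The names `RelayTrap` and `PROBE_LIMIT`, the doubling delay and its cap are assumptions; the block models the decision only and opens no sockets.

```python
from dataclasses import dataclass, field

PROBE_LIMIT = 2        # messages forwarded per host (the "open relay test")
BASE_DELAY = 5.0       # assumed first tarpit delay, in seconds
MAX_DELAY = 300.0      # assumed cap on the stall applied to one message


@dataclass
class Verdict:
    action: str        # "forward" or "discard"
    smtp_reply: str    # what the client is told; identical in both cases
    delay: float       # seconds to stall before replying


@dataclass
class RelayTrap:
    seen: dict = field(default_factory=dict)     # host -> messages received
    senders: dict = field(default_factory=dict)  # host -> envelope senders logged
    reports: list = field(default_factory=list)  # hosts queued for RBL/ISP report

    def handle(self, host: str, mail_from: str) -> Verdict:
        count = self.seen.get(host, 0) + 1
        self.seen[host] = count
        self.senders.setdefault(host, set()).add(mail_from)
        if count == 1:
            self.reports.append(host)            # report each host once
        if count <= PROBE_LIMIT:
            # Let the probe through so the host believes the relay is open.
            return Verdict("forward", "250 OK", 0.0)
        # Everything after the probe is dropped but still acknowledged, and
        # each message stalls the sender longer than the previous one.
        delay = min(BASE_DELAY * 2 ** (count - PROBE_LIMIT - 1), MAX_DELAY)
        return Verdict("discard", "250 OK", delay)


def replay(events):
    """Run constructed (host, sender) pairs through a fresh trap."""
    trap = RelayTrap()
    return trap, [trap.handle(h, s) for h, s in events]


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [("192.0.2.10", "probe@example.net")] * 2 + \
         [("192.0.2.10", "bulk@example.net")] * 4 + \
         [("198.51.100.7", "probe@example.org")]

if __name__ == "__main__":
    trap, verdicts = replay(SAMPLE)
    for (host, _), v in zip(SAMPLE, verdicts):
        print(host, v.action, v.smtp_reply, f"stall={v.delay:.0f}s")
```

Because the reply is `250 OK` in both branches, the sending host cannot tell a forwarded probe from a discarded message; only the growing stall differs.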