Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 18 Jul 2003 17:37:44 -0400
From: Steve Coleman
Subject: Re: Spammers watching this user forum
In-reply-to: <3F17DD1F.3010409@yahoo.com>
To: cygwin AT cygwin DOT com
Message-id: <3F1868A8.40803@jhuapl.edu>
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=windows-1252
Content-transfer-encoding: 8BIT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
References: <3F17DD1F DOT 3010409 AT yahoo DOT com>

Earnie Boyd wrote:
> When you bounce that type of SPAM then you are participating in the DoS.

I agree completely with this statement, and although I thought the idea of "wpoison" was technically "cool" it also does nothing to ebb the tide, and in fact only increases the level of the floodwaters by causing the spammers to generate more bogus emails that need to be sent and processed. SpamAssassin is also "cool" but once the spam is already on the network it's bad news no matter how it gets stored, filtered, and processed. Even the best of filters have their downside and most don't throw anything away in fear of a "real" email getting tossed.

I for one would love to see a more "active prevention" of spam!

My current thoughts:

Most spammers use open relays as their way to move their email into the legitimate Internet email system. So, modify an SMTP-like process to look like a normal sendmail, only it will forward just one or two messages (i.e. the spammer's open relay test) for each connecting host and then log that host and email address into a database as well as reporting the host to the RBL, ISP, etc. For any subsequent access from that address this process should simply "eat" the email but act as if it is accepting and delivering it.

For each subsequent email received from that host address it simply delays the connection flow like the LaBrea tar-pit project did, thus limiting the connection bandwidth and slowing their delivery engine to a snail's pace. This essentially captures the spammer's sending process while simultaneously dumping what little they manage to get out the door straight to /dev/null. No filter processing required!

As long as I don't pay for the minimal/controlled bandwidth, and I play nice with others, I probably won't even know they are trying to abuse me since it would take near zero CPU cycles to toss everything. Face it, anybody trying to use my PC to send an email is obviously up to no good, and I don't guarantee delivery since they are not paying for my services. If they find something living on my port 25 I never said it was a "sendmail", that’s just their assumption.

If enough machines on the internet listened on port 25 out there and "ate" all the spammers' junk like this then the spammers would have a tough time staying in business by trying to use open relays, because they would never know if their cruft was /dev/null'ed or not. If they stop using open relays then all the RBLs will work like a charm even without all the fancy AI filters! Less traffic, less storage, less processing, everybody wins. All the spammers would know is that it took a VERY-LONG-TIME to send everything, so maybe it's just a slow network? - lol

Sorry for this rant, but so as not to be too off-topic, if I ever did do something like this in the future then Cygwin is going to be the “perfect weapon” to fight back with, because there are lots of machines out there running Windo$e, and the more tar-pits out there the better! 8^>

Since this is not completely Cygwin related, please contact me off-line if you have any comments or ideas on this topic.

Steve.
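The per-host policy described in the message above (forward the first one or two relay-test messages, log and report the host, then accept-and-discard everything else while stalling the connection), written out as an added example; it is not code from the original message or from any project mentioned in it. The names `RelayTrap`, `HostRecord` and `replay`, the probe limit of 2, the doubling delay and its cap, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

PROBE_LIMIT = 2     # assumption: "one or two" relay-test messages get forwarded
BASE_DELAY = 5.0    # assumption: seconds to stall each reply once a host is trapped
MAX_DELAY = 300.0   # assumption: cap so the stalled client does not simply time out

@dataclass
class HostRecord:
    senders: set = field(default_factory=set)  # envelope senders seen from this host
    seen: int = 0                              # messages offered so far

class RelayTrap:
    """Decision logic for a fake open relay (hypothetical, in-memory)."""

    def __init__(self):
        self.db = {}        # host -> HostRecord, standing in for the database
        self.reports = []   # hosts queued for RBL/ISP reporting, once each

    def decide(self, host, mail_from):
        """Return (action, delay_seconds) for one message offered by host."""
        rec = self.db.get(host)
        if rec is None:
            rec = self.db[host] = HostRecord()
            self.reports.append(host)
        rec.senders.add(mail_from)
        rec.seen += 1
        if rec.seen <= PROBE_LIMIT:
            return ("forward", 0.0)   # let the relay test succeed
        # Trapped: reply as if delivered, drop the body, slow every reply.
        # The exponent is clamped so a long-lived host cannot overflow the float.
        steps = min(rec.seen - PROBE_LIMIT - 1, 10)
        return ("discard", min(BASE_DELAY * 2 ** steps, MAX_DELAY))

# Constructed sample: (connecting host, envelope sender), documentation addresses.
SAMPLE = (
    [("203.0.113.7", "probe@example.net")] * 2
    + [("203.0.113.7", "bulk@example.net")] * 3
    + [("198.51.100.9", "probe@example.org")]
)

def replay(events):
    """Run a sequence of events through a fresh trap; return it and the actions."""
    trap = RelayTrap()
    return trap, [trap.decide(host, sender) for host, sender in events]

if __name__ == "__main__":
    trap, actions = replay(SAMPLE)
    for (host, _), (action, delay) in zip(SAMPLE, actions):
        print(f"{host:15} {action:8} stall={delay:.0f}s")
```

An SMTP front end would call `decide()` once per message and sleep for the returned delay before each reply line when the action is `discard`.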