[CS-FSLUG] My analysis of the email spam problem

Norbert Bollow nb at norbert.ch
Sat Oct 9 17:24:00 CDT 2004


Ed Hurst <ehurst at asisaid.com> wrote:

> Most recipients I try reject mail from my dialup connection if sent
> direct-to-MX. That's usually a source of spam, and is correctly bounced.

It is true that many mailservers bounce email which appears to come
via a dialup connection; however I don't agree that this is "correctly
bounced."

What this means is that unless you know how to get reverse DNS which
doesn't look like a dialup connection, you can't reliably send
legitimate bulk email.  Suppose for example that you're organising a
conference, and want to send an email message to everyone who has
registered for the conference.  You can't send these emails directly
to the recipients' mailservers, because so many will bounce or even
silently discard it.  And if you try to send them through your ISP's
mailserver, the messages might get bounced or dropped there because
ISPs need to be wary of the risk of getting their mailservers
blacklisted.

> I prefer the method upon which SPEWS is based, by blocking every IP
> known to produce spam. However, their shotgun approach appalls me. I
> prefer a more fine-grained selection. But instead of simply blocking
> their mail, I believe it is better to simply firewall all traffic from
> those IPs.
> 
> While this is less pure than your solution from a theoretical viewpoint,
> it is far more likely to work.

My impression is that IP-based blacklists have been tried,
extensively, some with the SPEWS-like "shotgun" approach, others
with more careful rules.  As far as I can see, the experience is
that this approach doesn't work well enough.

Also, with blacklists there's always the huge potential problem
of false accusations.

> It attacks spam in the most vulnerable link -- the offending service
> provider.

Alas, this has the effect that service providers establish rules and
procedures which harm senders of legitimate bulk email.

> I would also ensure that there is far better publicity before the
> various participants begin the firewalling. I would really prefer to
> initiate this at the root server level, so that their traffic really
> goes nowhere.

The internet has (IMO fortunately) no "root server" with the power of
causing someone's traffic to "go nowhere".  (There are DNS root-servers
but they don't have this power.)

Blessings,
Norbert.



