>> If a host receives 1,000,000 e-mails from a single host
>> in a day, can't it be flagged as suspicious activity and
>> rerouted to a temp account or dumped?

They aren't from a single host, these guys are relaying off hundreds of
hosts. Sometimes as few as 20 emails before switching hosts. This is a big
deal and if you haven't seen much talk about it, you will. It is really bad
and only getting worse.

Secondly, can you imagine 1,000,000 messages going to a temp account? These
emails are running about 1200 bytes per message. Your email box would need
1.2GB of disk space each and every day for each domain under attack. Can you
imagine if you happen to host just three domains that are under this sort of
attack?

Then look at the bandwidth to deliver that many emails. It is a sustained
bandwidth of over 1,000 Kbits per second of traffic. By the time you add in
the overhead for signaling, packet retransmission and acknowledgement back,
it almost doubles to 2,000 Kbits/second. More than what a T1 can handle.
That is a full T1 just to handle incoming Spam. Even if you are able to
successfully block at the firewall or router, you are still looking at
around 100 Kbits per second 24 hours a day banging needlessly against your
firewall chewing up bandwidth that you pay for to block Spam. Now tell me
Spam doesn't cost the ISP any money.

Then the horsepower you need at the firewall just to handle the simultaneous
connections. A dual Proc box is almost a minimum. The numbers are scary. The
number of small ISPs falling prey to this every day is really unbelievable.
Those hardest hit are the hosting companies.

Every ISP that has ever been hit by these attacks calls it worse than a
denial of service. In fact, that is exactly what it is. A denial of service
attack that is preventing your legitimate customers from using your email
resources.

Dictionary attack Spam is the single greatest threat to email companies, web
hosting companies and ISPs today. Until the email vendors develop more
comprehensive software, and ISPs do a better job of blocking open relays,
we are all in trouble.

 - Steve
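
An added illustration, not part of the original thread or of any mail server's code: why a per-host counter misses the relayed dictionary attack described above, while counting distinct unknown recipients per hosted domain catches it. The log format, the thresholds and the use of SMTP code 550 for unknown recipients are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

PER_SOURCE_LIMIT = 50   # assumed: rejections from one IP before it is blocked
DOMAIN_LIMIT = 200      # assumed: distinct unknown recipients per domain per window
MIN_SOURCES = 5         # assumed: attack is spread across at least this many relays
WINDOW = 3600           # seconds per counting window

def parse(line):
    """Parse '<epoch> <src_ip> <rcpt> <smtp_code>'; return None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[2].count("@") != 1:
        return None
    try:
        return int(parts[0]), parts[1], parts[2].lower(), int(parts[3])
    except ValueError:
        return None

def analyse(lines):
    """Return (sources over the per-IP limit, domains under dictionary attack)."""
    per_source = defaultdict(int)
    per_domain = defaultdict(lambda: (set(), set()))  # (local parts, sources)
    for rec in map(parse, lines):
        if rec is None or rec[3] != 550:   # only unknown-recipient rejections
            continue
        ts, src, rcpt, _ = rec
        local, domain = rcpt.split("@")
        per_source[src] += 1
        local_parts, sources = per_domain[(domain, ts // WINDOW)]
        local_parts.add(local)
        sources.add(src)
    noisy = sorted(s for s, n in per_source.items() if n > PER_SOURCE_LIMIT)
    attacked = sorted({d for (d, _), (l, s) in per_domain.items()
                       if len(l) > DOMAIN_LIMIT and len(s) >= MIN_SOURCES})
    return noisy, attacked

def sample_log():
    """Constructed data: 30 relays, 20 guesses each, plus one honest typo."""
    lines = [f"{974170000 + h * 20 + i} 192.0.2.{h + 1} "
             f"user{h * 20 + i}@example.com 550"
             for h in range(30) for i in range(20)]
    lines.append("974170100 198.51.100.7 jsmtih@example.org 550")
    lines.append("974170101 198.51.100.7 jsmith@example.org 250")
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

No relay in the sample crosses the per-IP limit, yet the domain-level count flags example.com; the single mistyped address at example.org is not flagged.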


-----Original Message-----
From: Michael She [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 10:54 PM
To: CF-Talk
Subject: RE: Mail Servers


Out of curiosity... Can POP servers ban IPs/Domains based on incoming
traffic?

If a host receives 1,000,000 e-mails from a single host in a day, can't it
be flagged as suspicious activity and rerouted to a temp account or dumped?


At 10:18 PM 11/13/00 -0500, you wrote:

> >> Our spam protection is basically not allowing any
> >> messages originating outside our network to be
> >> delivered to any domain not hosted on that VOPMail
> >> machine
>
>That spam protection won't help you if a spammer uses a dictionary list to
>send email. The most common type of spam right now is a dictionary attack on
>domains you host, not relaying to hosts you don't.
>
>meaning they will send hundreds of thousands of messages addressed like this
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>And so on. One host I know routinely gets upwards of a million emails a day
>addressed like this. This is the greatest single threat to ISPs today. Most
>servers can't handle this.
>
>  - Steve
>
>
>-----Original Message-----
>From: Justin Scott [mailto:[EMAIL PROTECTED]]
>Sent: Monday, November 13, 2000 5:15 PM
>To: CF-Talk
>Subject: Re: Mail Servers
>
>
>Interesting.  I'll see if we can contact Sylvain and get something done
>about that if it really is a confirmed spam hole.
>
>Our spam protection is basically not allowing any messages originating
>outside our network to be delivered to any domain not hosted on that VOPMail
>machine.  Since this is configured by IP address, the "from" address really
>isn't an issue in our configuration.
>
>-Justin Scott
>
>
>----- Original Message -----
>From: "Steve Pierce" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Monday, November 13, 2000 1:14 PM
>Subject: RE: Mail Servers
>
>
> > Vopmail still has a problem with from lines of just a name and no domain.
> > Vopmail assumes the sender must be from the default domain and the server
> > and then will let it relay. That is a definite no-no. Thus it is very hard
> > to get VOPMail off the spam block lists.
> >
> > Vircom has been aware of the problem for some time, yet they have been
> > unwilling to do anything about it. I too have strongly recommended Vircom's
> > VOPMail in the past. But this recent discovery of a spam hole and lack of a
> > fix from Vircom over a known spam hole makes me question my past
> > recommendations.
> >
> >  - Steve
> >
> >
> > -----Original Message-----
> > From: Justin Scott [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 13, 2000 2:10 PM
> > To: CF-Talk
> > Subject: Re: Mail Servers
> >
> >
> > > Having problems with SMTP and hops.
> > > What mail server(s) does anyone recommend to work well with CF 4.5.
> > >
> > > Thanks for your time.
> >
> > I prefer VOPMail from Vircom myself.  It handles just about whatever you can
> > throw at it very well, and has full database integration built in so you can
> > manage all your mailboxes via ODBC if you want.
> >
> > _______________________________________
> >
> > Justin Scott :: [Staff Developer]
> > http://www.annex.com
> >
> >
> > ------------------------------------------------------------
> > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> > Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
> > message with 'unsubscribe' in the body to [EMAIL PROTECTED]

--
Michael She
I m a g i n e   C o m m u n i c a t i o n s
Company E-mail: [EMAIL PROTECTED]
Personal E-mail: [EMAIL PROTECTED]
ICQ UIN: #243466
Personal Homepage: http://www.michaelshe.com (Under Construction)
Imagine Communications: http://www.imagineer.net
PGP Fingerprint: 9A24 1DA9 39B8 0A0C C5ED 6E5D 45E9 075A 51CD 66A1
