Not re-trying to send msg after a 4xx reject is not legit MTA behavior, and typifies sending software (spamware, mailer worms/bots/ratware in infected machines, high-volume spam farms that don't spend resources to retry) that don't use (or have) the typical MTAs defer/queue/retry facility.
( btw, for you webhosting outfits, another class of machines that are legit but greylistable is web apps that email forms, sales leads, reports, etc. using the web app's SMTP client (no defer/queue/retry facility) that sends direct to MXs, rather than relaying through a real MTA. )
Another category here is companies that write their own mass mailers. A couple of airlines, for example, have written their own mass mailers that almost certainly do not incorporate re-tries. Tons of companies -- ranging from a small Internet startup with a handful of people to Fortune 500 companies -- have written their own MTAs that are just lousy (typically written by a web developer that knows a bit of ASP, rather than a programmer, because neither the boss nor the programmer realize that there are RFCs that should be conformed to).
While it *might* be considered acceptable by people with very strict anti-spam policies to block those E-mails, it's quite possible that those IPs would send mail using a real MTA, too.
The point is that these network operators are not policing their networks for infection or unusally high direct-to-MX mailing from subscriber IPs. They clearly don't block access to port 25.
True in most cases.
So, if ASTA or anybody else really wanted to follow ASTA's suggestion of blocking networks that were unpoliced/unsecured, here's the list of networks to block:
No, it doesn't work that way.
First, ASTA isn't saying "Block 'em all!" -- they are warning ISPs that they are at risk of being blocked if they don't get their acts together. Blocking them overnight is pointless -- the point of the ASTA proposal of 5 days ago was to get ISPs to fix the problem, not to race out and block them all. Large corporations can't change their behavior overnight; it takes months to do something like this.
Second, ASTA isn't saying "Block anyone you want!". They are saying "If the ISP does not *reasonably* control abusive traffic, it is *at risk* of being blocked by other ISPs." That means that before blocking, a good ISP will make sure that the company involved does not have reasonable abuse control in place, and won't acting without reason (being a "Good Neighbor", as they say).
14799 comcast.net 5269 rr.com
So the first two in your list are not surprisingly large ISPs.
4580 com.hk
But the third encompasses all the commercial entities in an entire country! You've got to be kidding me. You're suggesting that people block all of Hong Kong? Ouch. There ain't nobody who read that from ASTA!
2631 com.br 2559 net.br 1877 ne.jp 981 com.mx 961 co.uk 852 net.il 671 com.ar 303 net.au
Let's block Brazil, too! Japan, Mexico, Israel, Argentina, Australia and the United Kingdom must be Evil, too.
985 aol.com 404 hotmail.com
Oh, yes -- AOL, as one of the sponsors of ASTA, surely has huge spam problems. Granted, AOL (and Hotmail) do have a bit of spam coming from their networks, but a *much* smaller percentage than just about any ISP.
161 remax.net
And the realtors of the world.
... etc up to about 4800 unique domain.tld's.
Yeah, there is a lot of E-mail sent in the world!
btw, I didn't compute it ... Total insanity.
Agreed. :)
Len, what you have done here is just like what you did with the vanity reverse DNS issue -- you make an authoritative statement ("ASTA... here's the list of networks to block:") with a list of networks to block -- that you HAVE NOT EVEN LOOKED AT! Sorry, Len, but you just can't go compiling lists of people to block without checking them. I've been in the anti-spam business since 1997, and there are lots of people like you out there, but fortunately most quickly and quietly disappear when people realize that blocking without thought is a bad thing. Sorry to be harsh, but you're telling people that they should block AOL and all of Australia -- and I'll bet you had no clue that you were doing so!
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
