[ On Wednesday, October 24, 2001 at 10:40:12 (-0400), Derek R. Price wrote: ] > Subject: Re: [Fwd: Meta-issue: recent spam surge] > > [[....]], in my experience I usually get a copy of each spam in my > personaly mailbox as well as the copy sent to each mailing list I > read.
90% to maybe 99% of the spam I get from the CVS list is always otherwise blocked from directly reaching my site by very simple and obvious SMTP filters designed only for security policy fulfillment -- i.e. not allowing my system to be a party of any theft of service or fraud. These are implemented with various DNS black lists. For example the latest SMTP-originated spam from this list that I haven't yet deleted was received at fencpost.gnu.org from a server that's listed in all but one of the major open relay black lists: $ rblookup 202.108.122.77 77.122.108.202.relays.osirusoft.com A 127.0.0.2 77.122.108.202.relays.osirusoft.com has no TXT record (Authoritative answer) 77.122.108.202.relays.ordb.org A 127.0.0.2 77.122.108.202.relays.ordb.org TXT "Blackholed by ORDB -- see http://ordb.org/lookup/?host=202.108.122.77"; 77.122.108.202.outputs.orbz.org A 127.0.0.2 77.122.108.202.outputs.orbz.org TXT "Open relay. Please see http://orbz.org/?202.108.122.77"; ORBZ and ORDB both provide verifiable, mechanical only, listings of proven open relays. Both have quite reasonable update times and are easy to get de-listed from once you've fixed your mailer. Osirusoft's list is somewhat more comprehensive, but can be tuned by using the value of the A RR returned; and they are the only list actively maintaining ranges of dialup and other dynamically addressed ports which are never sources of legitimate authorised SMTP connections. There's still the issue of the newsgroup gateway, but a minor delay in its processing would probably allow time for most spams to be cancelled. (at least I think the cancelbots are still running, no?) Unfortunately the powers that be at gnu.org have decreed that even spam shall not be blocked, filtered, or otherwise rejected by their mailers because they are afraid they will reject even one legitimate message from someone. They seem to believe that any amount of spam is preferable to rejecting one legitimate message. This is the last gnu.org list I subscribe to -- for some reason the spam levels on it are somewhat less than I experienced on other gnu.org lists I formerly subscribed to (the worst were the emacs lists and the vm list, though the auto* lists were pretty bad too). If list operators don't start doing something about the spam issue their forums will eventually become unviable for their desired purpose. You may not all appreciate my input to this list (and my former input to the other gnu.org lists), but I'm far from the only person I know who generally posted more answers and information than questions and who has dropped off these forums because of the spam levels and the unwillingness of the gnu.org operators to do anything at all about it. -- Greg A. Woods +1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]> _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
