Re: OT: Determining toll free # ownership

2004-04-07 Thread Steven M. Bellovin

See www.junkfax.org

--Steve Bellovin, http://www.research.att.com/~smb




Re: OT: Determining toll free # ownership

2004-04-07 Thread Sean Donelan

On Tue, 6 Apr 2004, Jon R. Kibler wrote:
> fax telephone number. We have captured several dozen faxes sent through
> that number over the past few days, and they all have 'enter your number
> here to delete' toll free numbers on them and we would like to find out
> the telco that owns those blocks of 800# so we can complain.

Why call the telco?  The Telco is not law enforcement.  The Telco will
probably just tell you to file a police report, and use the Call Trace
feature on your phone line.  When, and only when, the police request the
information from the Telco will the telco provide the results of the Call
Trace to the police.  It is then up to the legal system to take action.




Re: OT: Determining toll free # ownership

2004-04-07 Thread Lou Katz

On Wed, Apr 07, 2004 at 10:16:09AM -0400, David Lesher wrote:
> 
> Speaking on Deep Background, the Press Secretary whispered:
> > 
> > 
> > Hi,
> > 
> > I know this is somewhat off topic, but I am hoping someone here has previously 
> > dealt with this problem and has an answer.
> > 
> > For some reason, the access telephone number for our "internal use only" dial-up 
> > modem pool -- which also happens to connect to our fax server -- has gotten on 
> > several fax spammers telephone list as being a fax telephone number. We have 
> > captured several dozen faxes sent through that number over the past few days, and 
> > they all have 'enter your number here to delete' toll free numbers on them and we 
> > would like to find out the telco that owns those blocks of 800# so we can complain.

'For some reason' ... junkfaxers 'war dial' looking for fax tones. That is how one
of my totally unlisted and never distributed fax numbers got picked up. Since
I use that number only for outgoing paper faxes, the fix was easy. I turned
off auto-answer.


-- 
-=[L]=-
PS: Sorry for sending this to you, 'reply' in this case did not get me
the list.


Re: OT: Determining toll free # ownership

2004-04-07 Thread David Lesher

Speaking on Deep Background, the Press Secretary whispered:
> 
> 
> Hi,
> 
> I know this is somewhat off topic, but I am hoping someone here has previously dealt 
> with this problem and has an answer.
> 
> For some reason, the access telephone number for our "internal use only" dial-up 
> modem pool -- which also happens to connect to our fax server -- has gotten on 
> several fax spammers telephone list as being a fax telephone number. We have 
> captured several dozen faxes sent through that number over the past few days, and 
> they all have 'enter your number here to delete' toll free numbers on them and we 
> would like to find out the telco that owns those blocks of 800# so we can complain.
> 
> I have heard that there is a number that you can call, enter a telephone number -- 
> such as the toll free number we want to complain about -- and it will tell you the 
> telco that owns that phone number. Does anyone know what that number is?
> 

Knowing the RespOrg will do you little good by itself.

Your better bet is to sue the fax spammer. Google on "Robert
Braver" or "junk fax" for help. It's likely "fax.com" and
you can read about FTC action against its owner.

A shorter-window solution is to move the fax to a new number.
Let the spammers wear themselves out trying to send faxes to
a V90 pool.


-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433


OT: Determining toll free # ownership

2004-04-07 Thread Jon R. Kibler

Hi,

I know this is somewhat off topic, but I am hoping someone here has previously dealt 
with this problem and has an answer.

For some reason, the access telephone number for our "internal use only" dial-up modem 
pool -- which also happens to connect to our fax server -- has gotten on several fax 
spammers telephone list as being a fax telephone number. We have captured several 
dozen faxes sent through that number over the past few days, and they all have 'enter 
your number here to delete' toll free numbers on them and we would like to find out 
the telco that owns those blocks of 800# so we can complain.

I have heard that there is a number that you can call, enter a telephone number -- 
such as the toll free number we want to complain about -- and it will tell you the 
telco that owns that phone number. Does anyone know what that number is?

Thanks!

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214







Re: Anti-Spam Router -- opinions?

2004-04-07 Thread Erik Haagsman

On Wed, 2004-04-07 at 14:25, Dave Howe wrote:
> I think 10 is a bit low.

It is, although it's more of an example value than a practical one.
You'd have to get some statistics on average e-mail use from your mail
servers and tune the value accordingly.

> I am not really an abnormal email user - but I tend to block answer a lot
> of emails, and send them as fast as I type them - so I can easily send
> 20-30 emails in the first hour, then maybe an hour slack, then another
> dozen or so - depending on inbound traffic and what arguments are ongoing
> on my mailing lists at the time.

Same here, but this pattern of e-mail burst - slack - burst etc. could
be quite easily implemented in the way described, as long as you have
some accurate statistics to use as baseline values and adjust the actual
operational values accordingly.

> Ok, I could in theory use web forums, usenet (probably also subject to
> your rate limiting) or whatever for this, but tbh I don't think I can in
> practice - if the discussion is on a mailing list, at best I would have to
> sign that list to a web mail account and reply that way, and as an average
> user I don't see why should I make life awkward for myself like that just
> to make life easier for admins (and I *am* an admin, so I have to look at
> both sides of the coin here)

Agree, it should be transparent to the user, but again that's where
accurate figures come in, and of course the whole system could be as
fine-grained as you like, with further limits and slack on subnet level,
or by dividing into departments/organisations each with their own limits
on different levels (although keeping it as simple as possible would
of course be preferred).

> I notice you are limiting by
> smtp session, and a spammer could easily send 100 emails each going to 100
> recipients in a single session.

Yep, that's the main problem, limiting the amount of recipients as well
as SMTP connections seems to be impractical although perhaps not
impossible. An average user not running a mailing-list will not
realistically send many e-mails to >100 recipients, and when they do it's
often internal distribution lists within the same domain, so limiting
recipients to a sensible value might not be as hard as it sounds.
It also depends on where you want the limiter. When limiting connections
between the user and his outgoing SMTP server you run into the recipient
problem, so you might be better off limiting outgoing connections from
your SMTP server, since multiple recipients will result in multiple
outgoing connections from the sending server, although this does make
coming up with accurate values for the actual base-line limits harder.
It would probably require a pretty painful initial setup where the
provider tracks e-mail statistics over a period of time and either bases
a general limiting value on a good analysis or tweaks the limits on a
per customer basis, making the initial setup very labour intensive, but
perhaps better in the long term. Instead of automatic blocking you might
put in a system where the admin gets alarmed by unusually high activity
above the initial limit+slack and the mail is cached but not sent out
before admin intervention, allowing the admin to decide whether it's
malicious mail traffic or not without disrupting normal service for the
user, apart from occasional delivery delay.


Regards,

-- 
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl




Re: CW Routing Registry source change to SAVVIS.

2004-04-07 Thread Steve Linford

At 16:56 -0400 (GMT) 6/4/04, Padliya, Deepak wrote:
> Greetings !
>
> On March 8th, 2004, SAVVIS Communications Corporation (NASDAQ:
> SVVS), a leading global managed services provider, secured all
> regulatory approvals and closed its acquisition of the assets of
> Cable & Wireless... We expect the downtime to be...

Fingers crossed, due to the good reputation SAVVIS has with the 
anti-spam community (SAVVIS has probably the best AUP in the industry 
and a well-respected Abuse team), at Spamhaus we're hoping this 
spells extended downtime for the large mass of spammers Cable & 
Wireless and Exodus have been servicing.

Spamhaus publishes a "Top 10 World Worst Spam ISPs" monthly chart 
from SBL data, and for March Exodus was 7th and C&W was 8th (I know 
we should combine 'Exodus' into 'C&W' now, but I'm afraid if we did 
C&W would probably beat the No1 place UUNet in volume of harbored 
spammers). So here's hoping the SAVVIS team can turn C&W round in 
more ways than one.

--
  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org


Re: Anti-Spam Router -- opinions?

2004-04-07 Thread Dave Howe

Erik Haagsman wrote:
>  Spammers can only work when making enormous amounts  of connections
> each hour, so limiting a normal user to 10 connections per hour with
> some extra slack after two or three connectionless hours, with an hour
> blocking penalty if the user goes over shouldn't pose a problem to Joe
> Average and will definitely keep spammers at bay without the added
> administrative overhead of sending user's mail statistics.

I think 10 is a bit low.

I am not really an abnormal email user - but I tend to block answer a lot
of emails, and send them as fast as I type them - so I can easily send
20-30 emails in the first hour, then maybe an hour slack, then another
dozen or so - depending on inbound traffic and what arguments are ongoing
on my mailing lists at the time.

Ok, I could in theory use web forums, usenet (probably also subject to
your rate limiting) or whatever for this, but tbh I don't think I can in
practice - if the discussion is on a mailing list, at best I would have to
sign that list to a web mail account and reply that way, and as an average
user I don't see why should I make life awkward for myself like that just
to make life easier for admins (and I *am* an admin, so I have to look at
both sides of the coin here)

If you had (say) 30 emails per hour, accumulating unused emails until you
have 200, then that might work - but again, I notice you are limiting by
smtp session, and a spammer could easily send 100 emails each going to 100
recipients in a single session.



Re: Anti-Spam Router -- opinions?

2004-04-07 Thread Erik Haagsman

On Wed, 2004-04-07 at 13:18, [EMAIL PROTECTED] wrote:
> If any of your user connections is the origin of more than
> 5 SMTP sessions in a single day, send an email to the 
> registered contact at that site with a little statistical
> summary of the activity. No blocking of sessions, just a
> note saying that we noticed you sent x number of emails
> today. Give the user some action such as a URL that they
> can do if they believe that this is abnormal.

Why not use a more detailed time-interval based approach only blocking
further SMTP connections for say an hour if a user made more than x
connects in an y amount of time and automatically resetting the counters
and block afterwards..? 
On top of the x/hour you could make the mechanism less of a burden by
putting in an option that would allow connections to be "saved" for a
maximum of two or three hours, so when someone comes into his office in
the morning he can safely pour out his start-of-the-day e-mail flow
without being bothered by the rigid 10 e-mails/hour since there wouldn't
have been any connections in the few hours before coming into the office
and he might be able to send 20 or 30 e-mails in the first hour before
the counters are reset. 
Spammers can only work when making enormous amounts of connections
each hour, so limiting a normal user to 10 connections per hour with
some extra slack after two or three connectionless hours, with an hour
blocking penalty if the user goes over shouldn't pose a problem to Joe
Average and will definitely keep spammers at bay without the added
administrative overhead of sending user's mail statistics. 

Of course as you mentioned, mailing lists and certain users making extreme
use of e-mail should always have the possibility of registering for more
connections, but when done correctly this could be a more or less hassle
free way of controlling mail connection rates without burdening 99% of
all users.

Regards,



-- 
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl
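
The limiter proposed in the message above (x per hour, unused allowance saved for a few idle hours, an hour's block on overrun) is a token bucket; the sketch below is an added example, not code from the thread, and it charges per recipient rather than per SMTP session to cover the gap raised in Dave Howe's reply. The class name, parameters, default values and the sample traffic are all assumptions made for illustration.

```python
class SmtpRateLimiter:
    """Per-sender token bucket. Names and default values are illustrative."""

    def __init__(self, per_hour=30, burst_cap=200, penalty_s=3600):
        self.per_hour = per_hour      # allowance earned per hour
        self.burst_cap = burst_cap    # most unused allowance a sender can save up
        self.penalty_s = penalty_s    # block length after an overrun
        self.state = {}               # sender -> (tokens, last_seen, blocked_until)

    def check(self, sender, n_recipients, now):
        """Return 'accept', 'over_limit' or 'blocked' for one message at `now` (seconds)."""
        tokens, last, blocked_until = self.state.get(
            sender, (float(self.per_hour), now, 0.0))  # new sender: one hour's allowance
        # Refill for the time elapsed since the last message, up to the cap.
        tokens = min(self.burst_cap, tokens + (now - last) * self.per_hour / 3600.0)
        if now < blocked_until:
            verdict = "blocked"
        elif n_recipients <= tokens:
            tokens -= n_recipients    # charge per recipient, not per session
            verdict = "accept"
        else:
            blocked_until = now + self.penalty_s
            verdict = "over_limit"
        self.state[sender] = (tokens, now, blocked_until)
        return verdict


def replay(limiter, events):
    """Run (sender, recipients, timestamp) tuples through the limiter."""
    return [limiter.check(s, n, t) for s, n, t in events]


if __name__ == "__main__":
    # Constructed traffic: 10/hour, up to three hours saved, one-hour penalty.
    lim = SmtpRateLimiter(per_hour=10, burst_cap=30, penalty_s=3600)
    events = [("u1", 1, 0)]
    events += [("u1", 1, 10800)] * 25      # morning burst after three idle hours
    events += [("u1", 100, 10800),         # one message to 100 recipients
               ("u1", 1, 10860),           # retry during the penalty hour
               ("u1", 1, 14400)]           # first message after the block expires
    for ev, verdict in zip(events, replay(lim, events)):
        print(ev, verdict)
```

Returning a hold-for-review verdict instead of `over_limit` would turn the same bucket into the queue-and-alert variant discussed elsewhere in the thread.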




Re: Anti-Spam Router -- opinions?

2004-04-07 Thread Michael . Dillon

>OK. Make it 100, or make it "20 by default, user can ask for 100".  Or
>anything else like that.  The *POINT* was that too often, a compromised
>end-user machine can send *THOUSANDS* of messages.  Not tens. Not
>hundreds. Thousands.

Here's another way to structure this sort of policy using
a "soft" limit which would also make it feasible to have a 
limit lower than 20.

If any of your user connections is the origin of more than
5 SMTP sessions in a single day, send an email to the 
registered contact at that site with a little statistical
summary of the activity. No blocking of sessions, just a
note saying that we noticed you sent x number of emails
today. Give the user some action such as a URL that they
can do if they believe that this is abnormal.

Then you could make the hard limit for blocking sessions
into a larger number such as 50 which is extremely unlikely
to block anyone's real email. Of course, anyone running
a mailing list would still have to register that fact with
you so that you can remove the hard limit on them.

--Michael Dillon