Don Anthony wrote: > If I could find some SPAM killing software that has a routine to scan > the body text for URLs and trash anything with a URL pointing to > China, South America, Korea, Pakistan, Ukraine, etc., almost all my > SPAM would be eliminated. Can a routine be created to read the table > that identifies IP address ranges and the owning domain body (ARIN, > APNIC, LANIC, etc.) be used to quick flag SPAM like this? Why has no > one jumped on this? What am I missing?
A significant chunk of the spam I'm seeing originates from trojanned home user PCs in North America - DSL/cable modem customers who have been infected with one or more of the viruses released in the past year or so, and whose systems are now being used by the spammers (wherever they actually are) to spew out unwanted email. Or worse, trojanned PCs in big corporations or university computer labs (or dorms, but that's essentially home-user-broadband-land). The spams point to URLs that reference that same set of trojanned PCs- with enough of them and the appropriate DNS magic it's a server network to rival Akamai's image-server network. (Not even occasionally *entertaining* spam any more, either. When you only got 2-3 a day, and you could usually expect one or two a week to be at least mildly amusing, it wasn't much trouble...) -kgd -- "Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken." - Unknown
