Re: Man gets nine years for spamming

From: Michael Pelletier (
Date: 04/13/05

Date: Tue, 12 Apr 2005 22:29:15 -0700

winged wrote:

> Michael Pelletier wrote:
>> Leythos wrote:
>>>On Tue, 12 Apr 2005 19:49:57 -0700, Michael Pelletier wrote:
>>>>Please use DNSBLs. It is easy.
>>>>You configure it on your email gateway(s). Sign up to report the Spam.
>>>>Reporting it is as easy as just forwarding the email to the special email
>>>>address the DNSBL provider supplies you...At work I made a contact so
>>>>everyone in my company can report spam by forwarding the spam to the
>>>>address in the contact.
>>>I use spamhaus and key-word matching filtering in addition to other
>>>methods. We catch 30%+ in RBLS and another 40% in matches/other methods,
>>>but we still get about 5% that's getting through....
>> Check out razor...and use multiple DNSBLs. I had the same problem. I now
>> use 4 and probably will increase that too. Some of the DNSBLs specialize
>> in blacklisting cable modem/DSL/dialup users' IP blocks, etc. I would
>> really recommend that also.
>> In short you need a minimum of 4 DNSBLs...
>> Also, do you report the SPAM to the spamhaus?
>> Michael
> We have had issues using blacklisting. We still use it, however we have
> found it only moderately effective. Additional management overhead
> occurs when legitimate domains get on the list that must be removed.

First understand that if you get on this list (it does not go by domains, it
goes by IP address) it was because you spammed someone. 99% of the time it
is from a poor IT staff and bad IT policies...(i.e. malware, not blocking
desktop access out via port 25, forwarding enabled on email gateway, etc.)

To alleviate this, whitelist your company's partners...that's it...

> This does occur which can lead to DOS for critical communication links
> where critical information can be lost with no audit trail or recovery.
> It may take some days to even notice a legitimate site is on the list.
> Winged

Again, you simply whitelist your company's partners. Also, it is untrue to
say it does not leave an audit trail because:

1) When you configure your DNSBL you also configure the bounce message. When
someone's email gets blocked, you send back why and how to fix it. Here is my
home server's config snippet:

FEATURE(`enhdnsbl', `', `"550 Mail from "$&{client_addr}" rejected. You are blocked see:" $&{client_addr}', `t')dnl

As you can see above, I send a bounce message of "You are blocked see IP address>"

2) In the logs I can review EVERY bounced email address. It is trivial...In
fact I have a script that summarizes this and emails it to me every day.

It is cake guys...

"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvalds
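
A sketch of the kind of daily log summary described in point 2, added here as an example and not the poster's own script. It counts DNSBL rejections per client IP and flags any rejection that came from a partner network, which is the case winged worries may go unnoticed for days. The log lines are constructed in the shape sendmail uses for a check_relay rejection; the function names and the partner network 203.0.113.0/24 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from a real server): three rejections, one accepted message.
SAMPLE_LOG = """\
Apr 12 22:01:07 mx sendmail[2101]: j3D517aa002101: ruleset=check_relay, arg1=dsl-17.example.net, arg2=198.51.100.17, relay=dsl-17.example.net [198.51.100.17], reject=550 5.7.1 Mail from 198.51.100.17 rejected. You are blocked see: 198.51.100.17
Apr 12 22:03:40 mx sendmail[2117]: j3D53eab002117: ruleset=check_relay, arg1=dsl-17.example.net, arg2=198.51.100.17, relay=dsl-17.example.net [198.51.100.17], reject=550 5.7.1 Mail from 198.51.100.17 rejected. You are blocked see: 198.51.100.17
Apr 12 22:10:12 mx sendmail[2140]: j3D5ACac002140: from=<alice@example.org>, size=1822, class=0, nrcpts=1, proto=ESMTP, relay=mail.example.org [192.0.2.25]
Apr 12 22:14:55 mx sendmail[2166]: j3D5Etad002166: ruleset=check_relay, arg1=mail.partner.example, arg2=203.0.113.8, relay=mail.partner.example [203.0.113.8], reject=550 5.7.1 Mail from 203.0.113.8 rejected. You are blocked see: 203.0.113.8
"""

# Timestamp, client host name (arg1) and client address (arg2) of a rejected connection.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?ruleset=check_relay,"
    r"\s+arg1=(?P<host>[^,]+),\s+arg2=(?P<ip>[^,]+),.*?reject=")

def summarize(log_text, partner_nets=()):
    """Return (rejections per client IP, rejections that hit partner networks)."""
    nets = [ipaddress.ip_network(n) for n in partner_nets]
    hits, partner_rejects = Counter(), []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # accepted mail and unrelated log lines
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field; skip rather than crash
        hits[str(ip)] += 1
        if any(ip in n for n in nets):
            partner_rejects.append((m["ts"], m["host"], str(ip)))
    return hits, partner_rejects

def report(log_text, partner_nets=()):
    """Render the summary as the text body of a daily e-mail."""
    hits, partner_rejects = summarize(log_text, partner_nets)
    out = [f"{n:5d}  {ip}" for ip, n in hits.most_common()]
    out += [f"PARTNER BLOCKED {ts} {host} [{ip}]" for ts, host, ip in partner_rejects]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(SAMPLE_LOG, partner_nets=["203.0.113.0/24"]))
```

A PARTNER BLOCKED line in the report marks a sender that belongs on the whitelist.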