Re: tlug: Bulk mailers

["Stephen J. Turnbull" <turnbull@example.com>]

--------------------------------------------------------
tlug note from "Stephen J. Turnbull" <turnbull@example.com>
--------------------------------------------------------
>>>>> "Chris" == Christopher Wiles <wileyc@example.com> writes:

    Chris> On Thu, 22 May 1997, Jim Schweizer wrote:

    >> Hmmm, not entirely fair to the hundreds of ligitimate users

For them to survive, it had better be more like hundreds of thousands.

    >> (like everyone at Shujitsu Joshi Daigaku) but who ever said
    >> life was fair.

    Chris> There are non-spamming users at hotmail.com?  Interesting ... 
    Chris> I've only seen garbage emerge from that domain.

I have yet to see a spam _from_ hotmail.com or Juno.com; I have seen
them used as mail drops, and I have seen a return path to hotmail
which I think was faked, because (a) the user was a numerical address, 
and (b) it passed through a promiscuous mailer and all preceding
headers were patently faked.  Seems like a silly place to spam from;
too awkward through the Web browser interface.

I do however regularly get real mail from Hotmail.COM, since it's the
most portable email address for poor people (exchange students often
can get access to Web browsers but not telnet, for some reason; if
you're homestaying with an AOLuser, you have Web access but definitely
not telnet).

    Chris> On Thu, 22 May 1997, Stephen J. Turnbull wrote:

    >> Do I need a firewall, or are there mailers that can be
    >> configured (like wu-ftpd) to reject certain hosts?  Or can I do
    >> this with "hosts.deny"?  (I guess that requires a TCP wrapper,
    >> tcpd?)

    Chris> There's a set of rules for sendmail that tell blacklisted

sendmail, yuck.  Strictly from need....  But if that's the way to go,
I'll do it.  I don't think there's any way to prevent smail from
serving all comers, so I may be forced to switch to keep out the
bandits myself.

    Chris> machines to go away (it does identification via the HELO

I hope not; that's the easiest thing to fake.  You _must_ do it at the 
TCP/UDP port level.  Smail checks this, I assume sendmail does too.

    Chris> command, I think).  The drawback is that it won't stop
    Chris> email that has been sent (or relayed) via a victimized open
    Chris> SMTP server.

This often can be detected by procmail by checking for a failed
reverse DNS map.  No, I haven't written the code yet, but with the
majority of my non-ML mail today being spam (first time that's
happened) I think I'm about to....  However, according to the man page 
for tcpd, it can be detected at that level, and probably more easily.

    Chris> I've been dropping hosts like hotmail.com into the
    Chris> /dev/null section of my .procmailrc ... that seems to do
    Chris> the trick.

I would like to increase the number of "undeliverable" email
addresses, and put bulk mailers out of business.  The procmail
solution doesn't help with this.  The wildcard lusers at Hotmail and
AOL don't bother me; they die a fast, well-deserved death.  A big
change for AOL; their attitude in the "Green Card Lawyer" days was
"what our users do with email is none of our business."  I believe AOL
has also put chastity belts on its mailers.  There was a time when I
told my mother and sister that I was ready to shut AOL out of my
machine, since I was getting more spam than mail from them.  They
fixed that by writing more often :-)

By the way, the procmail mailing list itself has been spammed
repeatedly in the last week....  C'est la vie, I guess.

Ciao.

-----------------------------------------------------------------
a word from the sponsor will appear below
-----------------------------------------------------------------
The TLUG mailing list is proudly sponsored by TWICS - Japan's First
Public-Access Internet System.  Now offering 20,000 yen/year flat
rate Internet access with no time charges.  Full line of corporate
Internet and intranet products are available.   info@example.com
Tel: 03-3351-5977   Fax: 03-3353-6096