OT: Political Spam - what can you do about it?
paul at city-fan.org
Thu Oct 28 07:23:38 UTC 2004
On Thu, 2004-10-28 at 00:02, Nifty Hat Mitch wrote:
> Blacklisting for an ISP is not a good thing but it can also be used to
> advantage. Designate one subnet as 10complaintsPlus or some such
> 'trouble' list. Assign this user and other 'trouble' hosts to this
> subnet. Just to save bandwidth, you have some need to scan for virus
> symptoms and other problems. When you 'smell' a problem you might
> disconnect then move that host to a quarantine net.
> The value of this is that spam detectors can detect the source IP address
> and increase the score on the other end of things. In this way you do
> not need to terminate service. You will have made one step toward
> cause for pulling that service.
> The trigger for action would be complaints in addition to other policy-based
> review (perhaps bandwidth).
> The alternative is that all your nets would be blacklisted because
> of one user.
If you follow this policy, the likely result is that all your nets would
end up blacklisted anyway. Many of the blacklists would initially list
only the "problem" net, but seeing that the problem wasn't going away
(even if you were eventually booting spammers, you'd be replacing them
in the same subnet with the next set of troublemakers), the listing
would escalate to include more and more of your IP space until it was
all listed. Not all lists do this of course, but some do, and they
include SPEWS and many people's private lists, which are much harder to
get out of than "public" lists. If it became public knowledge that you
were moving spammers to their own subnet rather than just booting them,
that would likely result in escalations happening sooner, as you'd be
seen as a "spam-friendly provider". The key is to have a strong
Acceptable Use Policy and to enforce it. And have a working "abuse"
address of course.
Paul Howarth <paul at city-fan.org>