[anti-abuse-wg] Re: how to punish a spammer

Thor Kottelin wrote:
 >> -----Original Message-----
 >> From: anti-abuse-wg-admin at ripe.net [mailto:anti-abuse-wg-
 >> admin at ripe.net] On Behalf Of Frank Gadegast
 >> Sent: Monday, August 09, 2010 3:00 PM
 >> To: Brian Nisbet
 >> Cc: anti-abuse-wg at ripe.net
 >
 >> removing networks from RIPEs databased
 >> will also remove all reverse mapping and nameserver entries, right
 >> ?
 >>
 >> No mailserver, that is configured to fight only a bit against spam
 >> accepts mail from IPs without a working reverse mapping.
 >>
 >> So, if RIPE ever wants to punish network abusers, thats an easy way
 >> of
 >> doing it ...
 >
 > I agree that this may be a somewhat effective approach.
 >
 > However, I doubt that most mail exchanges are configured in such a 
categorical manner. I apologise for not having any hard data to present, 
but my experience is that missing or dysfunctional reverse mappings 
often are used to increase spam scores (such as in SpamAssassin) rather 
than to reject mail outright.
 >

Thats right ...

The default setting for most MTAs these days is to complain about mails
from servers without any reverse mapping and to complain in a different 
manner about a not matching reverse mapping (at least sendmail, postfix,
qmail and Exchange CAN do this).
Most anti spam solutions surely raise the score, if there is no
reverse mapping or if the reverse mapping does not match the
hostname or HELO command.

My personal experience is, that most provider do not accept email
from servers without a reverse mapping but accept email from
servers with a not matching reverse mapping and use this for further
spam scoring. Some even put mailserver without a working reverse mapping
on their blacklists ...

So: its up to the server administrator to configure the final
solution and thats perfect, everybody can decide what to do.

A totally missing reverse mapping will surely help the receiver
a lot and harm the spammer ...


And removing route object will surely help even more.
Most transit provider and exchange points usually generate their BGP
filters from whois records and match them against customers
known ASes and peering partner ASes (when accepting routes)
daily.

No route objects means no peering, no routing and no announcement.

And transit provider or exchange points that are not working
this way, have a serious security problem anyway ...


All this is technically easy, the only thing missing is a discussion,
who decides, what objects need to be remove and why.


Kind regards, Frank
--
PHADE Software - PowerWeb                       http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
Schinkelstrasse 17                                fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
======================================================================
Public PGP Key available for frank at powerweb.de

-- 

Mit freundlichen Gruessen,
--
PHADE Software - PowerWeb                       http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
Schinkelstrasse 17                                fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
======================================================================
Public PGP Key available for frank at powerweb.de