Doug wrote:
> ...
> After examining the headers of many of the spam advertisements
> I get and trying to contact the administrator of the network
> it came from I find that it is usually futile because the
> network doesn't exist and the IP information is incorrect. I
> also find that most use false sender and reply address
> information (in an attempt to keep recipients from filtering
> them). This makes it hard (at least for me) to do anything
> about them. I have experimented with filters for subject
> wording but this unfortunately hits on some of my wanted
> email as well. This reduces my ability to block them on
> the receiving end. Even if I could it doesn't help the net
> congestion they cause or do anything about the processing
> time it is using across the net. These things lead me to
> propose that a more global solution needs to be implemented.
> The problem here is that when you bring this up for
> discussion in a professional environment like this one people
> don't want to discuss it. Instead they consider it a problem
> that has no solution and just want to forget about it.

An approach that is more effective than scanning for content is to simply block connections from the last hop in the SMTP chain before yours. This kills both direct spammers as well as open relays. The list can be long (mine is ~ 256 /24's for a private little mailer), but that is a tradeoff against how much space you want to block at a time. On several occasions I have considered putting in 61/8, 200/6, & 210/7, because that would remove 3/4 of the list, but that also creates a guilt-by-association for people with no control over their address space or those who are abusing it.

While this approach avoids having the content traverse the wire, some of the machines are tenacious, as yesterday's log shows.

http://www.tndh.net/~tony/ietf/2003-01-05-log.txt

Tony
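The tradeoff described in the reply above, as an added example that is not part of the original message or the author's own configuration: it checks a connecting client's address against a list of /24 prefixes, then shows what folding the list into 61/8, 200/6 and 210/7 does to list length and to the amount of address space refused. The function names and the sample /24 entries are constructed for illustration.

```python
import ipaddress

# The three coarse blocks named in the message, written out as full CIDR prefixes.
COARSE = [ipaddress.ip_network(n) for n in ("61.0.0.0/8", "200.0.0.0/6", "210.0.0.0/7")]

# Constructed sample blocklist of /24s (illustrative values, not the author's list).
SAMPLE_BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "61.10.5.0/24", "61.200.17.0/24", "200.45.1.0/24", "202.99.3.0/24",
    "203.0.113.0/24", "210.1.2.0/24", "211.20.8.0/24",
    "192.0.2.0/24", "198.51.100.0/24",
)]

def is_blocked(peer_ip, blocklist):
    """Return the blocklist entry covering the connecting client's address, or None.
    peer_ip is the TCP peer address of the SMTP connection (the last hop),
    not anything taken from the message headers."""
    addr = ipaddress.ip_address(peer_ip)
    return next((net for net in blocklist if addr in net), None)

def aggregate(blocklist, coarse=COARSE):
    """Replace every entry that falls inside a coarse block with that block."""
    kept = [n for n in blocklist if not any(n.subnet_of(c) for c in coarse)]
    used = [c for c in coarse if any(n.subnet_of(c) for n in blocklist)]
    return used + kept

def addresses_blocked(blocklist):
    """Count distinct addresses covered, merging overlapping or adjacent entries."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(blocklist))

if __name__ == "__main__":
    short = aggregate(SAMPLE_BLOCKLIST)
    print(f"entries: {len(SAMPLE_BLOCKLIST)} -> {len(short)}")
    print(f"addresses blocked: {addresses_blocked(SAMPLE_BLOCKLIST)} -> {addresses_blocked(short)}")
    # A neighbour that never appeared on the /24 list is now refused too.
    neighbour = "61.10.6.1"
    print(neighbour, is_blocked(neighbour, SAMPLE_BLOCKLIST), is_blocked(neighbour, short))
```

On the constructed list, nine entries shrink to five while the refused address space grows from 2,304 addresses to over 117 million, which is the guilt-by-association cost in concrete terms.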