Francois Gouget wrote:
On Mon, 12 Feb 2001, Dan Kegel wrote:
Francois Gouget wrote:
But I'm not behind a modem. I'm behind a DSL so the above really doesn't matter much.
Ah, but you don't have a static IP address, I bet. It's much easier to track back spam to a static IP address, so those addresses are much safer from being spam sources. It's those dynamic IP addresses that let spammers hide.
How is forcing me to use my ISP's mail server going to help? You'll get the ISP's IP address granted. But the 'From' field is going to be forged so the ISP will have no idea of who sent the mail.
The only way for them to find out is to look at the header and see from which IP address the mail originates. And this is going to be what? You guessed it, a dynamic IP address! Just like in the headers you get from me: they source is my dynamic IP address.
Yeah, but you also generated an entry in the mailservers log and I am sure they are keeping track of their own dynamic IP assignments at specific times. So therefore it gives people one authority to bitch to for spam (the ISPs mail server) and from their the ISP can take appropriate action. It also means that if there is tons of spam from the ISP then the ISPs mail server just needs to be blocked since all the "dial-ups" already are.
So you're back to square one and you haven't gained anything.
Ok, I'm not an expert of spam tracing, but it seems to me that the best way to find its source is to do a whois and a traceroute on the originating IP address.
Ish. Sometimes there are extra forged headers too.
It also seems to me that this leads to a system where dialup users are second rate internet citizens and have fewer rights than first rate citizens. So in this future if you're not an accredited corporation you would not have the right to connect to any computer but your ISP's servers which will then relay your traffic... for a fee, if they see fit...
Well, sorry, but if you want to get rid of spam, we need to add some primitive tracability features to the email system, and requiring a static IP is part of that.
I'm not convinced about the static IP aspect. Even if it turns out to be necessary I still cannot swallow the way the MAPS DUL puts it: "...use the equipment you're authorized to use". This clearly implies I'm not allowed to connect to their email server. If that's so I really don't see why I would be allowed to connect to their Web server, or anonymous ftp server, ... Then what's left of the Internet?
I thought of it more as "You are given a nice mailserver that has a very permanent connection to the net and can be reached at all times. Use the damn thing." I also have to say that using the DUL has saved me from many a spam according to my logs Every so often I get SPAM from a dial-up that is not listed in the DUL and I encourage the ISP to add their dial-up pools to the DUL.
Now, your case would seem to be someone different since it's not like you can really get a throwaway DSL/Cable connection as easily as a standard dial-up. There is quite a bit of setup involved usually. I know for cable they must send a tech to your house, they do not allow self-installs, period. So that also solves the fake name/address problem. Personally I would rather that the DUL did not list DSL/Cable IP pools, or if they were in a seperate list. But I love the fact that the DUL lists most of the major dial-up pools. Especially consider that on a dial-up link you really can't reliably run your own mail server and have almost no reason for doing so since your ISPs mail server is there and you are authorized to use it. On a DSL/Cable link you can conceivably run your own outgoing mailserver, and even run an incoming one if you have a static IP. In fact, I probably save @Home a bit of cash by running my own mailserver since it means I am not using resources on theirs, so I can't really see the reason for DSL/Cable to want to put their IP pools in the DUL. (BTW, I have a static IP which is not listed in the DUL).
Oh well, this debate is getting kind of old. You really ought to try using all three MAPS lists and also report any spam that comes through anyway to maps and to the ISPs/sysadmins/etc. involved. You will be amazed at the decrease in spam. I used to have like 4 a day. I get one every few days now (so like 2-4 a week). Every so often there is a burst of like 3 spams in a row from the same dumbass but other than that it has been very effective and thus I support MAPS and encourage others to do so as well.
-Dave