Hoot Fluegelhorn

About Hoot Fluegelhorn

  • Birthday 06/06/1958

Profile Information

  • Interests
    (Real) operating systems, networking, VoIP, My badass Honda ST1300, but before all that, my wife and girls, and grandsons. So Yeah.

  1. Hi Showker, I hear you.... "White sails in the sunset" paints a much kinder picture than facing the challenge of 9K Spamcop/ 96K Knujon reports coming at you in the next handful of years. There are multiple (voluntary, non-profit and commercial) cybercrime fighting organisations trying to deal with the issue from their own context. Projecthoneypot.org, spamcop, cloudmark, spamhaus, caida.org, knujon and many more. I would like to think we're not lost yet, but the defending team is too dispersed. I don't have a clue how to increase a much needed cohesion. Equally, in the traditional sense, the end user depends on the maintainer of the mailbox to keep him safe. From that same traditional context, the mail server used to be better equipped than the end user's workstation to interrogate (RDNS)BL's, but over the years the tables have turned on this. With the current on-board horsepower, a PC should be able to query those blacklists & drop lists all by itself. However, the home-team seems to be stuck in old paradigms and methods. If the good guys could tap into this wealth of computational power, we could strike a serious blow. A conscious opt-in defense network so to speak. Just venting some thoughts.. I bet you have a handful of your own, what, would you care to share those?
  2. scuser627 has a point. But let me start by saying that I think we're all volunteers here, y'all have my respect! The spamcop.net site and procedures are ancient. The FAQ seems still centered around the founder of spamcop, the site desperately needs a full overhaul. The user is expected to contribute an amount of money, in return the nagging and page delay would be lifted. Those operating spamcop.net should acknowledge the fact that we, as users, are just as much volunteer contributors in combatting spam. We.don't.get.anything.out.of.it. There is no service delivered to the user. So, yeah. Think about it...
  3. Hattula, As a fellow newbie.. follow the process. If the rule is that spam has to be <48 hours, then that's the rule. Don't ask for more.. There is a shipload of spam that goes through the systems, so missing a handful doesn't make all that much difference. What I suggest you do, is to add a filter on your webmail. In the filter you add the ip address of the MX that sends you that spam, or another common attribute that identifies the sender. Then you set the rule to discard the e-mails that match, and poof... no more mail from that sender. AND Get in touch with your mail system admin. Ask him why he is not using spamcop RDNSBL's or similar. HE should already help us keep spam out of our systems! Take care, and keep fighting the fight.. Hoot
  4. I've been reporting a fair bit of recent spam the last couple of weeks. What strikes me as odd, is that pretty much all reported IP addresses are not listed in any RBL Statistics: not listed in bl.spamcop.net More Information.. not listed in cbl.abuseat.org not listed in dnsbl.sorbs.net Are these all 'fresh' IP's on which no wrongdoings are reported ever? I haven't quite found the rule behind spamcop placing an IP into its BL's, how many times a report on this ip needs to come in, etc. If you can shed some light on it, I'd be grateful. It seems to me we're lagging behind already. Spamcop and others compile (RDNS)BL's that security conscious sysadmins can decide to query. It all revolves around IP addresses, and most of the time DNS lookup as search tool. Enter IPv6. 34vintimillion possible combinations. More addresses than atoms in the universe. I can imagine obtaining thousands of IP addresses, and use existing tooling to: script an smtp host, assigning a different ip addy on its interface, add an associated Quad-A and PTR records in my dns, and hammer away. If I cycle this interface IP, no BL will be able to keep up; or at the least the user community that now uses spamcop/cloudmark/knujon etc will lag behind greatly. So yeah. The huns are on the horizon. What's our play? Bye, Hoot
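
The DNS lookup that post 4 refers to, as an added example that is not part of the original posts or of any blocklist operator's code: it builds the query name a mail server would look up for an IPv4 or IPv6 sender (the RFC 5782 convention) and shows how a defender's own report table can count IPv6 senders per prefix instead of per address. The /64 prefix length, the function names, the `dnsbl.example` zone and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name to look up in `zone` for `ip`: reversed octets (IPv4) or
    reversed nibbles (IPv6), followed by the zone (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        # exploded form is 8 groups of 4 hex digits = 32 nibbles
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def listing_key(ip: str, v6_prefix: int = 64) -> str:
    """Key under which reports are counted: the single IPv4 address, or
    the enclosing IPv6 prefix (/64 is an assumption, not a page value)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))


def count_reports(ips):
    """Tally reported sender addresses by listing key."""
    return Counter(listing_key(ip) for ip in ips)


# Constructed sample reports, using documentation address ranges only.
SAMPLE_REPORTS = [
    "192.0.2.10",
    "2001:db8:0:1::a",
    "2001:db8:0:1::b",
    "2001:db8:0:1:ffff::1",   # different host part, same /64
    "2001:db8:0:2::a",        # different /64
]

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "bl.spamcop.net"))
    print(dnsbl_query_name("2001:db8::1", "dnsbl.example"))
    for key, n in count_reports(SAMPLE_REPORTS).items():
        print(f"{key}: {n} report(s)")
```

Counting by prefix means three different addresses in the same /64 accumulate against one entry, so changing only the host part of the address does not reset the tally.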