[geeks] Jackass spammer...

Sheldon T. Hall shel at tandem.artell.net
Tue Apr 10 16:18:44 CDT 2007


Quoth Mark ...
> 
> It could just be an anonymous proxy set up to look like a 'direct'
> spam.

Sure, but you can get the IP address of the submitting machine from the
headers of the message.

> I could just be talking bull too ;o). However if the above is the  
> case you have little or no hope of back-tracing it, and if you do  
> you'll probably just end up at some Joe Public's XP machine who's  
> been playing Counterstrike the whole time and is oblivious.

You can trace spam back to the machine that submitted it to your (or your
ISP's) mailserver, but so what?  In most cases it is a compromised machine
run by someone who doesn't care.  Even if he cares, he's already proven
himself incompetent, at best, or anti-social, at worst.  In either case, he
probably won't fix it.  Sending him a message, thus confirming that his spam
got through to a live address, won't do you a bit of good.  Your best bet is
just to block the IP address.

Of the volume of spam I receive (and it's a goodly volume), I can block ...

  about 83% with zen.spamhaus.org
  about 08% with some simple "looks like PC on a dynamic address" regular
            expressions
  about 05% with a local blacklist of IP addresses who have sent spam to my
            spamtraps
  about 02% with greylisting
  about 01% with blocking other obvious spam headers
  and over half of the rest with various other simple checks, including a
            blacklist of spam sender domains

... without running any sort of heavyweight content inspection like
SpamAssassin.  About one spam in a thousand gets through; the other 999 are
rejected, and the submitting machines have to eat 'em.

-Shel
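
Added example, not part of the original message: a Python sketch of the first three checks listed above, applied to the submitting IP taken from the Received header written by your own mail server. The sample message, host names, the dynamic-address regex and the `listed` resolver callback are assumptions made for illustration; the message does not give its actual patterns, and greylisting is left out because it needs state.

```python
import email
import ipaddress
import re

# Constructed sample: documentation-range addresses, hypothetical host names.
# The second Received line is sender-supplied and claims to be from our MX.
RAW = (
    "Received: from dsl-203-0-113-45.dyn.example.net"
    " (dsl-203-0-113-45.dyn.example.net [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with SMTP id 0123456789;"
    " Tue, 10 Apr 2007 16:00:00 -0500\n"
    "Received: from mail.example.com (mail.example.com [198.51.100.7])\n"
    "\tby mx.example.org; Tue, 10 Apr 2007 15:59:00 -0500\n"
    "Subject: constructed sample\n\nbody\n"
)
# Postfix-style hop: "(rdns-name [ip]) by receiving-host"
HOP = re.compile(r"\((\S+) \[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")
# Assumed heuristic for "looks like a PC on a dynamic address".
DYNAMIC = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}"
                     r"|(^|[-.])(dyn|dhcp|dsl|adsl|cable|ppp|pool|dialup)([-.]|\d)",
                     re.I)

def submitting_host(raw, trusted_mx):
    """Return (rdns, ip) from the topmost Received header written by trusted_mx.
    Headers are prepended, so anything below that line may be forged."""
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(hdr)
        if m and m.group(3).lower() == trusted_mx:
            return m.group(1), ipaddress.ip_address(m.group(2))
    return None

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reversed octets (IPv4) or nibbles (IPv6) followed by the DNSBL zone."""
    return ip.reverse_pointer.rsplit(".", 2)[0] + "." + zone

def looks_dynamic(rdns):
    return bool(DYNAMIC.search(rdns))

def verdict(raw, trusted_mx, listed=lambda qname: False, local_blacklist=frozenset()):
    """listed() stands in for a DNS A lookup of the name (NXDOMAIN = not listed)."""
    host = submitting_host(raw, trusted_mx)
    if host is None:
        return "no trusted Received header"
    rdns, ip = host
    if listed(dnsbl_query_name(ip)):
        return "reject: dnsbl"
    if looks_dynamic(rdns):
        return "reject: dynamic rdns"
    if ip in local_blacklist:
        return "reject: local blacklist"
    return "accept"
```

On a live server the same checks run against the connecting IP during the SMTP session, which is what lets the message be rejected rather than accepted and filtered.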


