Spam, Spam, Spam, Spam, Spamity, Spam! (Penguin)


“I’m not mad I just say ‘Penguin’ at the end of every sentence. Penguin” 😛

SPAM is everyone’s un-favourite topic in IT security, and has been for the last few years… Why isn’t it getting any better? Good question, and everyone has a different answer.

MY answer is this: Bloody useless ISPs

Current case-in-point is Telstra Bigpond. Most of their SMTP relay servers have been listed in several of the major anti-SPAM blacklists. (SPEWS and SpamCop for example)

Incidentally, Bigpond recommend the use of SpamCop. It’s just a shame that the only service THEY use is MAPS RBL.

Bigpond have been trying to make a big PR exercise out of their “initiative” to block TCP port 25 and thus prevent SPAM abuse of the Bigpond network. Ha! Not only have they not blocked port 25 for many segments of their network, it has only served to highlight how useless that is as a couter-measure. All the SPAMmers simply just use Bigpond’s own servers to relay their SPAM now, and Bigpond let them.
Right now, I can connect to a Bigpond mail server and relay mail to anyone with any from address I like. Granted I’m on a Bigpond service right now, but can you guess how many PCs connected to a Bigpond service have unknown mail-bots/proxies/etc running on them? How would a spammer connect to those bots? You can bet they don’t use port 25! 😐

What am I doing to limit my SPAM? Well, I drop anything listed on several anti-SPAM blacklists to start with (Yes including SpamCop, so don’t bother trying to e-mail me from a Bigpond account :D). Then I check for SPF records for the sender domain, and finally run some bayesian anti-SPAM filters over it.