mydnsbl moving from investigation to testing

This is the latest draft of “mydnsbl,” which is a personal project I’ve been working on. It’s been about half work time and half personal time. As of now, the software seems to work OK, and the docs are pretty complete (for testing purposes anyway). I will soon be moving on to the more daunting task of trying to test my new DNSBL with actual user mail, if I can convince management that it’s safe. ...

January 16, 2005 · 6 min · gconnor

Spam stuff: early prototype of "too many user unknown DNSBL"

As posted to SPAM-L… reposting in my journal mostly for my records…

---------- Forwarded message ----------
Date: Mon, 3 Jan 2005 13:06:28 -0800 (PST)
From: Greg Connor
To: SPAM-L@PEACH.EASE.LSOFT.COM
Subject: MISC: early prototype “too many user unknown DNSBL”

This is a project that I’m working on, sort of for work but mostly in my own spare time. It doesn’t actually do anything useful yet, but I wanted to get some feedback on it from you fine folks…

The idea is that I want to keep track of the last 10 transactions from each IP, and if 9 of the last 10 transactions were user unknown, then that IP should go on a local DNSBL for something like 2 hours.

January 3, 2005 · 5 min · gconnor

Marathon script session

I spent a number of hours this weekend creating a mysql / perl / cgi script, to accept abuse reports and file them into a database. This is part of a (hopefully) ongoing project which users can feed spam into and get customized blacklists out of. The prototype is at http://abusetrack.nekodojo.org/test if you want to check it out, though it doesn’t really work quite at all yet.

Create user
Paste spam in
Sign the report (doesn’t actually check pgp yet)
...

October 4, 2004 · 10 min · gconnor

Anti-forgery stuff: XML or no XML

Working on anti-forgery stuff. Here is my latest post to the IETF MARID working group. (Might be interesting to some folks but I’m mostly keeping it in my journal for myself)

June 15, 2004 · 7 min · gconnor

INBOX Event, San Jose, 2-3 June 2004

Here is a quick view of what I have been working on in my spare time :) I have been interested in anti-spam anti-forgery initiatives for quite some time… some of the early writing in this journal is about spam and how we should be fighting it. One of the recent initiatives/proposals to combat forgery is SPF. I have been tracking it and staying active on its list, in addition to keeping up with SPAM-L and also participating in MARID, which is an IETF group checking out anti-forgery efforts with an eye toward publishing an Internet RFC. Here is a summary of one recent event. Also, due to my persistent, positive presence on the SPF discussion list, and participation in a few in-person meetings, and possibly also due to my strategic Silicon Valley location, I was asked to speak on another panel next week in SF… I will keep everyone posted as to how that goes. /gregc. The INBOX event took place over two days (I think) and I didn’t go to the whole show, but I attended the two evening sessions that were related to SPF. On the whole it was a *VERY* positive show for us. Here is a description.

June 7, 2004 · 7 min · gconnor

Summary from anti-spam meeting last week..

I was fortunate enough to be invited to dinner with Meng Weng Wong, Harry and Jim from Microsoft, and some others from Verisign, IBM, Spamhaus, etc. Over beers, we talked about the ideas that Meng/Harry/Jim had hammered out over the previous couple days. (This is part of the MARID working group meeting last week, though not the only part. Is anyone interested in the rest of the meeting? :) I am a long-time supporter of SPF and I was skeptical of anything that would appear to be a compromise to MS. But, the two proposals had more things in common than they had differences. ...

May 23, 2004 · 5 min · gconnor

Notes: Best Practices Clearinghouse System

What’s the big idea here?

Problem: Any spam blocking list is either too specific or too small/ineffective to be noticed, or it is effective enough to get spammers to attack/threaten/sue its owners and DDOS its servers into the stone age.

Proposal: Make a blocking system that:

is fed by raw data from its members so that there’s not one person or group “making decisions”
allows members to show their policies and see others
...

April 4, 2004 · 10 min · gconnor

Email and spam control on neko-base

Of interest to users of nekodojo.org, but other folks interested in spam control may view also, if you like.

March 16, 2004 · 2 min · gconnor

Kill das spammers

In my ongoing campaign of… well, not really evil, more like “civil disobedience”…

Day 1. Found 18 subnets/24 that were already sending us >100 bounces per day. Using iptables I arranged to give them “connection refused” for all connection attempts. No changes to sendmail.cf yet.

Day 2. Switched sendmail.cf to detect bounces (meaning MAIL FROM: <>) and respond with 454 instead of 550. These are all guaranteed-forged domains so there’s no such thing as “legitimate” bounces. Also blocked another 16 ip/24 ranges found to be sending >100 bounces per day. ...

March 10, 2004 · 3 min · gconnor

<<< 454 Stick it up your mail queue

Geeky anti-spam stuff…

March 8, 2004 · 2 min · gconnor