This would work perfectly in a world of static IPv6 networks. Unfortunately, while we are all stuck using Dynamic IP pools, especially on dialup, when customers disconnect every 3 or 4 minutes, and IP addresses are re-assigned constantly, this (like almost all the previous suggestions) just isn't really feasible - especially from a helpdesk point of view. Sure, there are ways for it to be done, but with a large amount of hassle. Similar to the caching issue, the money burnt paying staff to maintain/troubleshoot these extra setups would quite possibly mean that little benefit would arise from it, apart from the CEO having to delete one less message per day. This also doesn't do anything to stop the various forms or Malware which either send email out via outlook* or digs for the info, and then relays to the SMTP server listed in the email config. The fixing really needs to be done at the user end - somehow. Maybe Microsoft will be smart enough to release something to combat this with the first release of Longhorn.. Probably not. It seems like a lot of us are trying to see a positive which doesn't exist, and probably wont for a long time. The music industry has been trying to combat piracy for years with all sorts of extravagant little schemes. "Lets make a CD which only plays in 'dumb' hardware, or hardware which supports proprietary Microsoft codec's! The end user wont mind the inconvenience, surely..) Still, pipe dreams are nice, and we all spend endless hours dreaming and scheming of ways to crush those ignorant little end users with our thumbs - while exploding in fits of evil laughter.. Jeremy. -----Original Message----- From: Richard Hector [mailto:rhector(a)paradise.net.nz] Sent: Thursday, June 10, 2004 9:17 PM To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Zombies On Thu, Jun 10, 2004 at 03:20:24PM +1200, neil gardner wrote:
OK, serious thought here... Bear with me... I may be a) Describing an existing system or b) way off base.
Transparent SMTP proxy intercepts all messages and maintains a running total of emails sent per source IP. This running total is actually stored as a time distribution (ie. 10 emails in 10 minutes, then none in 10, then 100 in ten etc)
Sounds pretty complicated to me. Why not just tell all your customers you're going to block port 25 except to your mail server, and that it won't affect them unless they're doing something unusual. Those that will be affected will probably know, and they can contact you and ask for an exception. You ask a few basic questions to make sure they have some degree of clue, and open it for them. Those who are doing it and didn't know will hopefully remember that email they got, and contact you afterwards. You'd probably need to send a few emails over the month before you actually cut them off. You could also monitor who's making direct connections before all this and contact them directly, of course. Most importantly, advertise what a good ISP you're being, helping save the world from spam. Just my thoughts. Richard _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog