[arin-discuss] Spammer/Abuser screening policy
Stephen Satchell
sysadmin at amhosting.com
Tue Apr 25 19:01:08 EDT 2006
Darren E. Canady wrote:
> Those "anti-spam wackos" had no concern for the fact that, as they saw,
> none of the activities BlueStream conducted that they classified as SPAM
> traversed our network. Thus though they acknowledged that BlueStream was
> using their own set of IPs over a totally separate dedicated connection
> was irrelevant. Our crime was hosting them in our facility. And no
> matter how kind, gentle, apologetic, or how much you argue, beg or
> threaten, they are relentless in their viciousness in responding to you.
That's because of certain large companies who continuously thumb their
noses at mail administrators (and system administrators, too) who ask
that said large company to be RFC-1185 compliant.
(Some people say that if you provide *any* support for spammers --
power, floor space, router transversal, even accounting services --
that's "spam support" and should be isolated. Yes, that's extreme. So
is the five million connection attempts to two of my mail servers.)
But I think that discussion goes far afield of the original question:
how do you screen customers. One reason that American Internet has
*not* gone the automatic-signup route is that we like to do a little due
diligence before opening our servers and network to "jest anyone."
Our biggest tool is where we check to see if the submitted information
is consistent: physical address isn't wonky (zip code in California for
a site in New York -- it happens), physical address and node address of
the IP are close. For existing domain names, we run them past SpamHaus'
ROKSO list.
Our billing department has also developed some rules of thumb, based on
experience with the bad apples that do get through. The result has been
heartening -- the number of spam complaints about us sourcing spam has
dropped. (It's helped that I rooted out the smart-host customers who
relay spam through my servers, too.)
For many of the sign-ups that don't pass first muster, we ask for
clarifications. For strings of bogus look-ups, we find that IPTABLES is
our friend.
One other thing: many systems do not properly track users who use a
mail server for relay. Part of the new architecture for my Plesk
systems closed this loophole.
More information about the ARIN-discuss
mailing list