[arin-discuss] Spammer/Abuser screening policy

Stephen Satchell sysadmin at amhosting.com
Tue Apr 25 19:01:08 EDT 2006


Darren E. Canady wrote:
> Those "anti-spam wackos" had no concern for the fact that, as they saw,
> none of the activities BlueStream conducted that they classified as SPAM
> traversed our network. Thus though they acknowledged that BlueStream was
> using their own set of IPs over a totally separate dedicated connection
> was irrelevant. Our crime was hosting them in our facility. And no
> matter how kind, gentle, apologetic, or how much you argue, beg or
> threaten, they are relentless in their viciousness in responding to you.

That's because of certain large companies who continuously thumb their
noses at mail administrators (and system administrators, too) who ask
that said large company be RFC-1185 compliant.

(Some people say that if you provide *any* support for spammers --
power, floor space, router traversal, even accounting services --
that's "spam support" and should be isolated.  Yes, that's extreme.  So
is the five million connection attempts to two of my mail servers.)

But I think that discussion goes far afield of the original question: 
how do you screen customers.  One reason that American Internet has 
*not* gone the automatic-signup route is that we like to do a little due 
diligence before opening our servers and network to "jest anyone."

Our biggest tool is where we check to see if the submitted information 
is consistent:  physical address isn't wonky (zip code in California for 
a site in New York -- it happens), physical address and node address of 
the IP are close.  For existing domain names, we run them past SpamHaus' 
ROKSO list.

Our billing department has also developed some rules of thumb, based on 
experience with the bad apples that do get through.  The result has been 
heartening -- the number of spam complaints about us sourcing spam has 
dropped.  (It's helped that I rooted out the smart-host customers who 
relay spam through my servers, too.)

For many of the sign-ups that don't pass first muster, we ask for 
clarifications.  For strings of bogus look-ups, we find that IPTABLES is 
our friend.

One other thing:  many systems do not properly track users who use a 
mail server for relay.  Part of the new architecture for my Plesk 
systems closed this loophole.



