Friday, December 7, 2012

Eliminate Spam


Well over 90% of all spam is sent by compromised PCs. Spam sent by dedicated spam servers is easy to blacklist.

It should therefore be possible to eliminate spam world-wide by

a) restricting Internet access of compromised PCs sending spam

b) forcing owners of said PCs to take anti-virus and anti-exploitation measures

c) null routing the few remaining deliberate spam servers.

We have been using such a method for several years now. While it does nothing to stop the flood of spam reaching the network, it ensures the ISP has a far lower ratio of end users creating spam.

Spam is reported to an ISP by other ISPs; in particular, AOL has an excellent opt-in spam reporting system for other ISPs to use. Almost all spam sent in the world makes it to at least some AOL users, and AOL's reporting system has very high integrity. Of the many thousands of spam reports received, there is yet to be a false positive.

The spam reports from AOL, and from some other ISPs, share a common format, which means the email notices can be parsed by an automatic processor. That processor extracts the local IP address from each report and creates a list of IP addresses, which is then sorted and run through the Unix/Linux utility 'uniq'. The result is a list of unique IP addresses from which we can be certain spam has been sent.

That list is then submitted to a database utility that matches each IP address to the end user. From there another utility changes the end user's IP address from a public IP to a private IP address on a specific 10.x.x.x address block. The next step is to initiate a disconnect through RADIUS so that the current user session is dropped and, when reconnected, acquires the private IP address.
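The report-parsing and user-matching steps above, sketched as an added example (not the tooling this post describes). It assumes the reports are ARF messages (RFC 5965) carrying a `Source-IP` field; the address ranges, the `sessions` lookup table and all function names are hypothetical, and the RADIUS disconnect itself is left out.

```python
import ipaddress
from email import message_from_string

LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # assumed ISP range (documentation prefix)
QUARANTINE_POOL = ipaddress.ip_network("10.66.0.0/16")  # assumed block inside 10.x.x.x

def reported_ips(report_text):
    """Source-IP fields from the feedback-report part only, never from the spam itself."""
    found = []
    for part in message_from_string(report_text).walk():
        if part.get_content_type() != "message/feedback-report":
            continue
        payload = part.get_payload()
        fields = payload[0] if isinstance(payload, list) else message_from_string(payload)
        found += fields.get_all("Source-IP", [])
    return found

def local_offenders(reports):
    """The `sort | uniq` step, restricted to addresses inside the ISP's own ranges."""
    seen = set()
    for text in reports:
        for raw in reported_ips(text):
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                continue  # malformed field: skip it rather than guess
            if any(ip in net for net in LOCAL_NETS):
                seen.add(ip)
    return sorted(seen)

def quarantine_plan(offenders, sessions):
    """Match each offending IP to its subscriber and reserve a quarantine address."""
    pool = QUARANTINE_POOL.hosts()
    plan = {}
    for ip in offenders:
        user = sessions.get(str(ip))  # stand-in for the subscriber database lookup
        if user and user not in plan:
            plan[user] = str(next(pool))
    return plan

def make_report(source_ip, injected_ip):
    """Constructed sample report; the attached spam carries its own bogus Source-IP line."""
    return (
        'Content-Type: multipart/report; report-type=feedback-report; boundary="b"\n\n'
        "--b\nContent-Type: message/feedback-report\n\n"
        f"Feedback-Type: abuse\nVersion: 1\nSource-IP: {source_ip}\n\n"
        "--b\nContent-Type: message/rfc822\n\n"
        f"Subject: cheap pills\nSource-IP: {injected_ip}\n\nbuy now\n--b--\n"
    )
```

Reading the field only from the report part keeps untrusted text inside the attached message from adding an address to the list, and filtering against the ISP's own ranges keeps foreign or malformed values from ever reaching the quarantine step.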

All outbound traffic on the network is directed through core routers. Those core routers have specific route-map lists that look for 10.x.x.x addresses and redirect them to captive portal servers. The really nice thing about this method is that it costs very little in terms of router CPU, because of the very specific nature of the traffic the route-maps are looking for.

The result is that all identified sources of spam are:

a) blocked from access to the global Internet, so they can do no more harm

b) directed to a captive portal web page that provides specific instructions on how to resolve their spam/virus issue

c) Except for the expected exceptions of those very ignorant people who cannot understand written instructions, no extra support burden is placed on the ISP helpdesk as a result of spam.

d) End users are forced to consider and take action on the inconvenience they cause to all other Internet users as a result of their carelessness.

Really, it is a win for everyone.

Side note: Who do you think are the most critical of this method? Of course it is the self-fancied 'IT Gurus' who sell themselves as so-called experts. Yet despite their self-acclaimed 'expert' status, they are unable to prevent their own servers, or their long-suffering clients, from sending spam that the most basic of competent prevention methods would eliminate.
