Well over 90% of all spam is sent by compromised PCs. Spam sent by
dedicated spam servers is easy to blacklist.
It should therefore be possible to eliminate spam world-wide by
a) restricting Internet access of compromised PCs sending spam
b) forcing owners of said PCs to take anti-virus and anti-exploitation
c) null routing the few remaining deliberate spam servers.

We have been using such a method for several years now. While it does
nothing to stop the flood of spam reaching the network, it ensures the
ISP has a far lower ratio of end users creating spam.

Spam is reported to an ISP by other ISPs; in particular, AOL has an
excellent opt-in spam reporting system for other ISPs to use. Almost
all spam sent in the world makes it to at least some AOL users, and AOL's
reporting system has very high integrity. Of the many thousands of spam
reports received, there has yet to be a false positive.

The common format of the spam reports from AOL, and from some other ISPs,
means the email notices can be parsed by an automatic processor. That
processor extracts the local IP address from each notice and creates a list
of IP addresses, which are then sorted and run through the unix/linux
utility 'uniq'. The result is
a list of single IP addresses from which we can be certain spam has been

That list is then submitted to a database utility that matches the IP
address to the end user. From there another utility changes the end user's
IP address from a public IP to a private IP address on a specific
10.x.x.x address block. The next step is to initiate a disconnect through
RADIUS so that the current user session is dropped and, when reconnected,
the user acquires the private IP address.

All outbound traffic on the network is directed through core routers.
Those core routers have specific route-map lists that look for 10.x.x.x
addresses and redirect them to captive portal servers. The really nice
thing about this method is that it costs very little in terms of router
CPU, because of the very specific nature of the traffic the route-maps
are looking for.
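
The report-parsing step described above (pull the local address out of each notice, sort, then 'uniq') can look like the following. This is an added example, not the author's processor: it assumes the notices are ARF-style feedback reports carrying a Source-IP: field, handles IPv4 only, uses documentation address ranges in place of the ISP's own prefixes, and runs on constructed sample notices.

```shell
# Added example, not the original processor. Assumptions: notices are ARF-style
# feedback reports with a "Source-IP:" field; IPv4 only; LOCAL_PREFIXES stands
# in for the ISP's own address space (documentation ranges used here).
LOCAL_PREFIXES='192.0.2. 198.51.100.'

# is_local IP: succeed only for a valid dotted quad inside LOCAL_PREFIXES.
is_local() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    for prefix in $LOCAL_PREFIXES; do
        case $1 in "$prefix"*) return 0 ;; esac
    done
    return 1   # not our address space: never quarantine on it
}

# extract_spam_sources [FILE...]: read reports (or stdin) and print each
# reported local IP once, in numeric order.
extract_spam_sources() {
    cat -- "$@" | tr -d '\r' | grep -i '^source-ip:' |
        sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//' |
        while read -r ip; do
            if is_local "$ip"; then printf '%s\n' "$ip"; fi
        done |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | uniq
}

# Constructed sample notices, reduced to the fields that matter here.
sample_reports() {
    cat <<'EOF'
Feedback-Type: abuse
Source-IP: 198.51.100.7
Feedback-Type: abuse
Source-IP: 192.0.2.45
Feedback-Type: abuse
source-ip: 192.0.2.45
Feedback-Type: abuse
Source-IP: 203.0.113.9
Feedback-Type: abuse
Source-IP: 192.0.2.999
EOF
}

sample_reports | extract_spam_sources   # prints 192.0.2.45 then 198.51.100.7
```

Addresses outside the local prefixes and malformed values are dropped before the list reaches the user-matching step, so a bad or foreign report cannot move a subscriber into the quarantine block.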

The result is that all identified sources of spam are:
a) blocked from access to the global Internet, so they can do no more
b) directed to a captive portal web page that provides specific
instructions on how to resolve their spam/virus issue
c) except for the expected exceptions of those very ignorant people who
cannot understand written instructions, no extra support burden is
placed on the ISP helpdesk as a result of spam.
d) End users are forced to consider and take action on the inconvenience
they cause to all other Internet users as a result of their carelessness.

Really, it is a win for everyone.

Side note: Who do you think are the most critical of this method? Of
course it is the self-fancied 'IT Gurus' who sell themselves as so-called
experts. Yet despite their self-acclaimed 'expert' status, they are unable to
prevent their own servers, or their long-suffering clients, from sending
spam - that the most basic of competent prevention methods would

