spam defense perimeter (was: [svlug] SBAY Pizza reminder)

Ian Kluft ikluft at thunder.sbay.org
Sun Jul 22 03:51:01 PDT 2001


Thanks John.  That's useful info.

At the SBAY Pizza tonight, the proposal was approved to create sbay.org's
Spam Defense Perimeter Project.  We created a mail list at
   http://www.sbay.org/mailman/listinfo/sdp

We're still looking for a volunteer to coordinate the project.  But I'll be
the acting coordinator for now since we can't wait to get things moving.
There are some policy issues the project will have to consider.  (More
details are already in the mail list archive.)  And the technical issues
I foresee would look like the following, with a "(*)" marking the ones which
are software that could become an Open Source project on SourceForge.net.
So other communities besides sbay.org can participate in development if
they find this useful.

* Maintain a database of blocked sites, including who submitted them,
  when they were submitted and what policies they violate.
* Maintain a command-line tool which participants can pipe a spam mail into
  which will submit all the Received headers for review. (*)
* Maintain server-side web software which will accept authenticated reports
  of Received headers and enter them in the database for review.  All new
  addresses may be tested for open relays if the project desires. (*)
* Maintain an authenticated web interface for addresses under review to be
  marked as participant sites (since our own sites will show up in Received
  headers too), open relays, dial-ups, policy-blocked sites, etc. (*)
* Maintain a DNS server interface for mail servers to make RBL-style queries.
  Different policies can be separated into different DNS subdomain names
  if desired by the project. (*)

There was also discussion about ways that similar groups/communities can
share advisories with each other.  One that came up was to post PGP-signed
spammer advisories on UseNet and then only use ones signed by keys on a
local accept list.

>From: John Conover <conover at rahul.net>
>I put http://www.johncon.com/john/receivedIP/index.html up about a
>month ago, after I had to come up with an alternative when ORBS got
>kicked off the Internet. The page has had fairly high hit rates.
>
>The RBL database is available in the sources, (its about 3K lines, but
>includes entire class A, B, and C address ranges, too; like for
>da.uu.net dial ups, etc.)
>
>        John
>
>BTW, receivedIP was intended to be included in a community accessible
>procmail/smartlist script, where users could send spam messages, and
>it would automatically update a wide area procmail accessible
>database.
>
>Ian Kluft writes:
>> 
>> sbay.org "Spam Defense Perimeter" Project - MAPS is discontinuing free
>>    access to their database which we use for spam rejection on sbay.org's
>>    mail servers on Aug 1.  Now that everyone is on their own, we'll have to
>>    band together for our own self-defense against spammers.  We'll coordinate
>>    the sbay.org mail servers spam-rejection procedures and a mini-RBL
>>    database for our own use.  Other sbay.org participants with their own
>>    separate mail servers may be part of the project too.  We need to find a
>>    permanent coordinator for the project - this is a call for volunteers.
>>    Until then, I'll be the acting coordinator since this has to get started
>>    ASAP, pronto, right away, as in yesterday...




More information about the svlug mailing list