![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: AOL: Client TOS Notification
Gordon Hudson
gordon at usenet2.hostroute.co.uk
Sat Dec 11 16:40:14 EST 2004
"Gordon Hudson" <gordon at usenet2.hostroute.co.uk> wrote in message
news:cpf7nc$h77$1 at news.spamcop.net...
>
> "John E. Malmberg" <wb8tyw at qsl.network> wrote in message
> news:RZqdnd5RBo0PjCbcRVn-hA at adelphia.com...
>
>> If this is on the web, are you verifying that the signup is not from an
>> I.P. address that is already on an open proxy or sbl-xbl.spamhaus.org,
>> bl.spamcop.net list? The only signups that you will get from those
>> addresses will be fraudulent.
>
>
> Yes we do all of that.
> We have lots of fraud screening in place.
> December is our peak period for this sort of thing with the 25th being the
> biggest day of the year.
>
> Those two incidents came from non blacklisted IP's.
>
>>> uses the mail() function to send spam.
>>> We find him, but in the 2 hours ince he has flooded us with spam.
>>>
>>> We could disable the mail() function but would lose all our customers.
>>
>> Rate limit the amount of mail to 10 recipients delivered per day until
>> for the first few days, then slowly ramp up the amount of mail allowed.
>> Or find some other means to verify that the credit card is not stolen.
>
> Can't be done with the number of customers we have.
> In any scaleable or manageable way.
>
>> And do not allow mail to be sent from any known open proxy or I.P.
>> address found in sbl-xbl.spamhaus.org or in spamcop.net.
>>
>>> All of those hosts you quote will have exactly the same problem.
>>
>> Then they not only end up on the public blocking lists, they also end up
>> on the private blocking lists.
>
>
> We are not on any blocking lists (or at least rarely)
>
>> 2 hours is way too long to allow a spam run.
>>
>> My inboxes for the past three months has been being hit with bursts of
>> Advance Fee Scams and 419 scams from "insecure" web mailers. They seem
>> to be coming from only a small number of networks.
>> By looking at the timestamps, it appears that it takes them 2 hours to
>> get 1/2 way through the alphabet.
>>
>> So it appears that most networks know how to prevent their web mail
>> services from being used by spammers.
>
> Obviously we are crap.
> I get the message.
>
> The problem is that we are very large and as a reult we will get more
> spammers than most web hosts.
>
> AOL are mailbombing me.
> Thats the end of the story as far as I am concerned.
>
> Another 100 since this morning for incidents more than 5 days ago.
>
> One report is sufficient.
Actually there are a few things you can do:
Run PHP in safe mode to prevent some abuse, but most customers can't write
or install code that works in safe mode.
e.g. most forum software will not work in safe mode.
The mail() function runs as user nobody so rate limiting is inappropriate as
it would affect all users.
You cna run phpexec but this is prone to problems and customers cannot code
within those confines either.
basically preventing access to mail() is the only way to stop it.
More information about the SpamCop-List
mailing list