[funsec] 95% of User Generated Content is spam or malicious

Rich Kulawiec rsk at gsp.org
Mon Feb 15 10:46:14 CST 2010


On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
> Threatstop users running the default TS blocklists on their firewalls
> before the anti-spam systems see, typically, 15% to 25% reduction in
> average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
> what it is without ThreatSTOP. 

<chuckle> I'm waaaay past that.  I've cut down the number of incoming
connections by about 90% via judicious use of the DROP list, country
blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections
are blocked except those originating in North America (less those on
the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes
progressively less sense to spend ever-increasing resources to
sustain it.  But judicious study of inbound/outbound mail traffic
is very necessary before trying something like this.  (Then again:
how could any postmaster possibly know how well they're doing unless
they measure it?  Sadly, very, very few actually do.)

---Rsk


More information about the funsec mailing list