[funsec] 95% of User Generated Content is spam or malicious
Rich Kulawiec
rsk at gsp.org
Mon Feb 15 10:46:14 CST 2010
On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
> Threatstop users running the default TS blocklists on their firewalls
> before the anti-spam systems see, typically, 15% to 25% reduction in
> average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
> what it is without ThreatSTOP.
<chuckle> I'm waaaay past that. I've cut down the number of incoming
connections by about 90% via judicious use of the DROP list, country
blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections
are blocked except those originating in North America (less those on
the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes
progressively less sense to spend ever-increasing resources to
sustain it. But judicious study of inbound/outbound mail traffic
is very necessary before trying something like this. (Then again:
how could any postmaster possibly know how well they're doing unless
they measure it? Sadly, very, very few actually do.)

---Rsk
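
Added example, not part of the original message or any poster's code: one way to do the measurement the message calls for, by replaying logged inbound SMTP connections against candidate firewall blocklists before enforcing them. It assumes Postfix-style `connect from` log lines; the log sample, the list names and the CIDRs (RFC 5737 documentation ranges) are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-ins for a DROP list, country blocks and
# spammer-allocated blocks; real lists would be loaded from files.
BLOCKLISTS = {
    "drop": ["192.0.2.0/24"],
    "country": ["198.51.100.0/24"],
    "spammer-allocated": ["203.0.113.0/25"],
}

# Constructed sample log (assumed Postfix smtpd format).
SAMPLE_LOG = """\
Feb 15 10:00:01 mx postfix/smtpd[811]: connect from unknown[192.0.2.14]
Feb 15 10:00:02 mx postfix/smtpd[812]: connect from mail.example.net[203.0.113.200]
Feb 15 10:00:03 mx postfix/smtpd[813]: connect from unknown[198.51.100.7]
Feb 15 10:00:04 mx postfix/smtpd[814]: connect from unknown[203.0.113.9]
Feb 15 10:00:05 mx postfix/smtpd[815]: connect from unknown[192.0.2.77]
Feb 15 10:00:06 mx postfix/smtpd[816]: connect from mx.example.org[2001:db8::25]
Feb 15 10:00:07 mx postfix/smtpd[811]: disconnect from unknown[192.0.2.14]
Feb 15 10:00:08 mx postfix/smtpd[817]: connect from unknown[198.51.100.200]
"""

# Anchored on "]: " so that "disconnect from" lines are not double-counted.
CONNECT_RE = re.compile(r"smtpd\[\d+\]: connect from \S+\[([0-9a-fA-F.:]+)\]")

def measure(log_text, blocklists):
    """Count logged connections each list would have dropped (first match wins)."""
    nets = [(name, ipaddress.ip_network(cidr))
            for name, cidrs in blocklists.items() for cidr in cidrs]
    hits, total = Counter(), 0
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log line
        total += 1
        hits[next((name for name, net in nets
                   if addr.version == net.version and addr in net), "allowed")] += 1
    blocked = total - hits["allowed"]
    pct = round(100 * blocked / total, 1) if total else 0.0
    return {"total": total, "blocked": blocked, "blocked_pct": pct, "by_list": dict(hits)}

if __name__ == "__main__":
    print(measure(SAMPLE_LOG, BLOCKLISTS))
```

Run against a representative period of real logs, the per-list counts show which list accounts for the reduction, and the addresses left in "allowed" are the ones to check for legitimate senders before switching to a default-deny rule.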