

Registry for ip addresses that send spam? - Tichy

Maybe it already exists, if not, would it be interesting to have a registry for ip-addresses that send spam? Volunteers could submit the senders ip addresses for spam they receive (automated), everybody else could check their own ip address to see if their computer has become an unwitting spammer. Could be a widget that checks the computers IP address against the registry.<p>I guess it wouldn't work because the sender's ip address could easily be faked, or could it? Don't know enough about SMTP...<p>On a related note, how many nodes does the internet have? Would it be possible to remember all possible spamming ip addresses in memory (4GB perhaps) -&#62; I guess it should be, for the time being (unless EVERY device is spamming, I think there are more devices on the internet than humans alive). I just remember the article about mailinator, they manage to run their service on one server by keeping everything in memory.<p>In fact, mailinator could probably provide that kind of service.
======
Tichy
OK, thinking on - it's probably all bullshit, but anyway, it wouldn't have to
be limited to spam. Victims of DDoS attacks could also register the ip-
addresses of their attackers.

There could be a simple website, you call it and see if your ip address was
involved in strange activity (with a probability - obviously the bad guys
would try to submit false addresses). If another DDoS would make the news,
perhaps a lot of people would check the address. Maybe a lot of Trojan horses
could be purged as a result.

------
nailer
Already implemented, using DNS as the repository, and supported in every Unix
mailer for the last decade and the latest Exchange too.

Google for RBL or ORBS. Some are free, some charge for access to their DNS
servers (ie, if you find a record for their hostname on the blacklist DNS
server, they're a spammer or open relay).

~~~
Tichy
I am not talking about open mail relays, though, I am more interested in
hijacked private machines (ie with dynamic IP addresses). Does ORBS take care
of that, too? If so, all the better, all that needs to be done is a web
interface for querying orbs.

How does ORBS get it's list of IP-addresses?

~~~
nailer
I mentioned spammers or open mail relays above. I include bot networks in my
definition of spammers as they're a source of spam, though I appreciate not
everyone else does.

Yes, most DNS blacklists takes care of bot networks. Most also provide a web
based query tool.

To identify spam sources, DNS based blacklists look at mail headers from
trusted users. Some DNS blacklists may also use honeypots with accounts that
should never be contacted.

------
Tichy
they seem to be doing it: <http://www.amihacked.com/>

Except I am not sure how they get their data (Spamcop).

So the question remains, why isn't everybody using their service now and
then...

~~~
davidw
Gathering data has got to be a problem. If any service got popular enough,
then it would be in spammers' interest to poison it in order to make people
not rely on it.

