Can DCC catch Korean spam? Doesn't seem to, lots getting through

Chris Shenton chris@Shenton.Org
Tue Apr 16 19:26:32 UTC 2002


DCC's doing a good job of catching spam to my home system, where I get
maybe a thousand msgs a day total or so.  But it doesn't seem to be
catching any of the increasingly large volume of spam originating in
Korea.

The following sample message (with obviously forged addresses) came
from Korea, as the end of this traceroute shows:

11  t1c2-p9-0.us-la.concert.net (166.49.240.74)  77.220 ms  74.245 ms  74.803 ms
12  t1a1-ge8-0-0.us-la.concert.net (166.49.227.39)  77.632 ms  74.634 ms  79.304 ms
13  166-49-252-22.concert.net (166.49.252.22)  74.638 ms  78.286 ms  74.552 ms
14  glgate194-p10-2.kornet.net (211.48.63.9)  224.748 ms  223.466 ms  224.168 ms
15  211.216.216.14 (211.216.216.14)  217.654 ms  217.751 ms  218.749 ms
16  hh-c4-ge6.kornet.net (211.217.32.134)  216.609 ms  215.959 ms  217.420 ms
17  211.196.155.34 (211.196.155.34)  220.772 ms  220.635 ms  219.880 ms
18  ndg-r1-dg-r2-p2500.kornet.net (211.196.156.86)  221.358 ms  223.117 ms  221.417 ms
19  211.224.147.2 (211.224.147.2)  220.451 ms  220.595 ms  220.741 ms
20  211.229.53.126 (211.229.53.126)  234.535 ms  234.140 ms  240.647 ms

This particular message was forwarded from an old work account at NASA
to my home.  It appears someone's harvested all our NASA HQ addresses
(possibly from our public X.500 directory) because many HQ users
started complaining about Korean spam recently.

If DCC can be persuaded to recognize this as spam, perhaps I can
persuade our mail admins to add DCC to our configuration at HQ. I'm
guessing maybe the fuzzy body checksum thing isn't quite doing the
right thing so I'm not seeing the large counts I'd expect --  unless
no one else is getting this stuff, which I seriously doubt. (Or maybe
I'm just using DCC wrong, ideas welcomed).

Any thoughts? Thanks!


-------------- next part --------------
An embedded message was scrubbed...
From: "=?iso-8859-1?q?=81=C0=81=CC=81=B8=81=DE=81=C0=81=CF=81=B8=81=B6?=
 =?iso-8859-1?q?=81=C4=81=CF=81=C6=81=C3?=" <test@test.com>
Subject: no subject
Date: Wed, 17 Apr 2002 01:05:30 +0900
Size: 7508
URL: <http://www.rhyolite.com/pipermail/dcc/attachments/20020416/94f1abf4/attachment.mht>


More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.