Re: [Asrg] 7. Best Practices - DNSBLs - Article



Chris Lewis writes:
> Justin Mason wrote:
> > Chris Lewis writes:
> 
> >>Of course, spamming tools will evolve, so then you consider increasing 
> >>the timeouts.  Too far, tho, and it's worse than where you started.  And 
> >>I don't think you'd ever get to where you'll be able to take into 
> >>account DNSBL latency.
> 
> > My opinion is that, if greylisting becomes common, spammers will
> > simply start saving enough data to perform retries.
> 
> Oh, yes, certainly, they can easily do that.  Even with a full-blown MTA 
> queueing the whole thing.  However, greylisting puts a severe damper on 
> total throughput, which may often be enough to tilt the economies of 
> scale against it being profitable for most spammers.

Given the massive increases in spam volume over the last few years, I
think the use of proxies and trojanned machines seems to be increasingly
insulating them from bandwidth expenses.  (IMO)

> >>[2] That's not _entirely_ true, I've seen some spammers that retry 550's 
> >>after DATA several times very quickly (within minutes).  Not sure 
> >>whether that's proxy or relay behaviour.
> 
> > Actually, probably broken spamware that's been interrupted/crashed/moved
> > to another host, without checkpointing which addrs have already been
> > mailed.  I regularly get duplicated spams to the same address multiple
> > times in 1 4-hour interval.
> 
> Actually, I'm referring to "retries" from the same originating IP a few 
> seconds apart.

Interesting!

> I get lots of duplicated spam from different IPs.  You don't really 
> think they care whether their distributed spamware sends me 1 or 15 
> copies, do you?

No, they certainly do not.

--j.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg