PM> they have huge bandwidth behind them so they get quite a bit of PM> content out before the updated rules can go in place.
You're not kidding about the bandwidth. There's a medium-sized hosting center in downtown Tampa that was an offshoot from one of the largest porn websites. Their content aside, they actually had a very good business model for purchasing spare bandwidth from a number of communications providers at pennies on the dollar, then reselling it at lower rates than their competition. They have half a dozen or more providers coming into their building, mostly for blasting out online video, but I'm sure a significant amount of spam comes from there as well. Once we realized who they were, we couldn't use them in good conscience, but we certainly were impressed by their business sense. Darin. ----- Original Message ----- From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Sheldon Koehler" <[EMAIL PROTECTED]> Sent: Thursday, October 28, 2004 2:58 PM Subject: Re[2]: [Declude.JunkMail] Spam getting through On Thursday, October 28, 2004, 1:29:55 PM, Sheldon wrote: >> SK> We have been experiencing the same thing. The spammers seem to be getting SK> better at passing filters and probably changing IPs and domains as fast as SK> they can be listed in the spam databases. We have some really hard core SK> coming to a few users and passing all tests including Sniffer. >> SK> Most of it is porno and they are not failing mailpolice-porn on top of SK> sniffer-porn. SK> John, the logs are fine, they just do not seem to fail ANY tests. They look SK> like a normal email. This is a good argument for the delayed-scan-and-deliver feature I suggested previously. The porn guys you are probably talking about we call the "mad-lib pornsters". Every day or so they will come out with a brand new set of domains delivering a wide array of porn traffic. Actually, our robots usually manage to pick up quite a bit of it, but they have huge bandwidth behind them so they get quite a bit of content out before the updated rules can go in place. If email from a previously unknown source (from address & IP) were simply delayed for some configurable number of hours before consideration then these mechanisms would be rendered inoperative for the spammers. Users tend not to have an immediate expectation of response on first contact - so the delay imposed will generally not matter for legitimate messages. For the spam content, a few hours might be all that is needed to get DNSBLs and other rule-bases (like Message Sniffer) up to speed so that the bad stuff never gets through. Anybody that the server already knows gets right through (subject to normal scanning of course). <pulls up flame proof gloves and latches the helmet closed before pushing the send button> _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
