> > Another member said to use a nobody alias (so all addresses appear
> > valid), but my impression of that is they will think the addresses
> > are valid and try them again in the future
>
> Some of the harvesting programs do check a couple of unlikely
addresses ("[EMAIL PROTECTED]"), and if they get delivered, they
go on to the next domain. Others, though, may see all the addresses as
legitimate -- this could cause more traffic later, if they get put onto
a CD, but will also lower the % of responses that spammers get (and yes,
spammers do get people who respond to them).
Yeah, that was me and the tactic worked fairly well as a short term
solution. But I also monitored our logs for too many invalid addresses
attempted from the same remote IP (via a simple Perl script).
There are a couple other advantages of getting 'nobody'. It allowed me
to see very early (before complaints began arriving), that someone was
forging one of our return addresses. In another case I was able to
detect a luser sending out a massive mailing (non-spam) with our domain
mispelled (hey Ipswitch, can we get some sanity checking on the "Mail
From:" address like other MTAs? At least make sure the domain exists
since other MTA's probably won't accept delivery if it doesn't...)
If you can run IMGate, that's my recommendation. As a short term measure
'nobody' will protect you in 90% of the cases (based on my experience at
least, and our domain was hardcoded into GeoListPro so I've seen more
than a few attacks).
Mike
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
