I get these, but this and other reasons are why you have to do more than *just* greylist. Yes, I greylist of course, but greylisting is one tool. the key thing it gives you is time to look at the sending profile of the bozo sending the stuff.
When it's going to wait 30 minutes before it gets in first, trust me, it sends to lots of addresses in your domain. I trap based on this. and I pick up a lot of these who are mailing to invalid users, expired users, etc. etc. etc. On Thu, Sep 10, 2009 at 9:52 PM, David Richardson <drichard...@interbaun.com > wrote: > So would it make sense to use the whois system to get the aproval/created > dates for the domain as well, and treat them the same way as if the were > not MX servers for their tasting time, and greylist them for that period. > Real domains you want to talk to can be whitelisted. > > > ----- Original Message ----- > From: "Lars Nooden" <lars.cura...@gmail.com> > To: "Steve Fairhead" <st...@fivetrees.com> > Cc: <misc@openbsd.org> > Sent: Tuesday, September 08, 2009 2:20 AM > Subject: Re: New spammers' behaviour pattern > > > > Steve Fairhead wrote: > >> - Mail originates from a correctly-configured mailserver, typically > >> called > >> ssl.somedomain.com, so spamd doesn't catch it. > >> - The domain is entirely sacrificial, and may only exist for a few > days > >> before being blocked by the registrar (or blacklisted by me). > > > > Domain tasting has been, from the beginning, set up with the goal of > > spamming: > > http://public.icann.org/issues/domain-name-tasting > > mail spamming is just a variation on the theme. > > > > Some registrars might be considering ending the practice. The problem > > won't go away by ignoring it. > > > > regards, > > -Lars
