On Fri, Oct 30, 2009 at 08:51:08AM +0000, Matt Richards wrote:
> Does anybody know what happened? Have servers just been
> reconfigured to not send backscatter from spam?
Here in the YMMV department ...
My little server hosts a few small Free Software community projects,
one of which is a small (mostly inactive) local Linux user group. The
subdomain that receives mail is list.example.org. ... the parent is
used for Web service only. But, the MX for the parent exists and is
pointed at my little server.
Roughly 90% of all connections I get are backscatter for this one
little domain. 554 5.7.1 ... Relay access denied. And yet they keep
coming back again and again.
When I did some quick statistical analysis, however, I saw that many
of these were repeat abusers. So it's a relatively small number
overall, that I am seeing. And note, I have no way to distinguish
backscatter abuse from SAV abuse. I bet if this was running on a
home ADSL or cable connection, it would cause a DoS. As it is at a
good colocation provider, I only have to deal with big log files.
I can't say that my experiences invalidate your observations, but
for sure, the problem has not gone away. Fortunately, people who
consider accept-then-bounce a valid way to handle email are now a
small and thoroughly discredited minority.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
