On Tue, 2010-03-23 at 05:43 -0500, /dev/rob0 wrote:
> > I'm aware of address extension.
>
> I think maybe I have discussed this with you before as well.
>

I don't think so :-)

> > It is a well-known trick, so the
> > extension is likely to be stripped off by spam senders.
>
> Funny thing about that. I have exactly one spamtrap address, and
> precisely because of spammers stripping the extension. Some years
> back, I made a few posts to a mailing list using this address:
> list+el...@nodns4.us . Note, no munging considered necessary.
>
> That address is not spammed at all; neither is the list@ address.
> el...@nodns4.us is my spamtrap! I get lots of hits on that, over
> 2000 in the past month.
>
> So, IME there is nothing to support your assumption about spammer
> behavior. I would know it if the list@ address started to get hit.
> I'd still be able to control it, because the only valid use of that
> address has been list subscriptions, each containing a +tag. But
> this hasn't been necessary.
>
> Moral of the story: maybe harvest bots are dumber than you think.
> Likewise, perhaps, so is your catchall. :)
>

OK, I saw different behaviour. But that was sometime at the beginning of the 90's when I only had a single e-mail address. I switched to catchall after I had my own domains and up to a year or so, there was not that much spam on it. I took my measures and now I have a few spam mails caught by SA every day and maybe 1 or 2 in my inbox, mostly because I don't greylist my regular addresses.

> To be fair, I have used user+t...@addresses in other situations, and
> in those cases it's not possible to say with certainty that user@
> wasn't added to some spam list behind the scenes. But there too, I'm
> able to say that spam is not a major problem for me. HELO checks and
> Zen catch all but a few.
>

That's my experience too. I used to have a few hand-written rules and SA working together with a result of over 95%.

>
> Oh, this was about greylist server recommendations, so I'll toss in
> my opinion about that as well. I used to use sqlgrey. It is a fine
> piece of software, well and actively maintained (even when Lionel
> took a hiatus, he got a stand-in maintainer. The list, although very
> quiet, is monitored.)
>
> I stopped using it years ago. The pain of greylisting wasn't worth
> the minimal benefits. I did not notice any substantive, measurable
> difference in spam with and without greylisting.
>
> I think by now the vast number of spambots mean that it's feasible
> for any given zombie to go through its list more than once. I *do*
> think that much of what little zombie spew I see comes in twice.
> Possibly the occasional lack of the second copy means that the CBL
> picked it up in the meantime.
>

I've had only 1 or 2 spambots passing greylisting every week. I don't have stats for the number of drops. But the list of "unanswered" greylistings is huge.

> Spamhaus PBL was extremely effective against zombies, as was the
> widespread blockage of outbound port 25. I think the battle against
> zombies will be shifting back to the relay-through-smarthost model
> rather than the direct-to-MX model. This means that a postmaster's
> job will be getting much harder.
>
> Imagine that!

Yes, the number of relay attempts is increasing rapidly. I really need to cut out large parts of the /var/log/mail in logwatch reports.

Bas.