Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread Kelson Vibber
At 09:14 AM 7/7/2004, Net Guy wrote:
> What has been decided:  Do I just drop eMail from whomever that has the
> wrong recipient, or do I bounce it ( nouser: No user here by that name
> )?  In my limited view of things I see that either could have benefits:
>
> Bounce - the folks that are real and not spammers know that they screwed
> up the address.
> Drop - the spammers think that the address works, so the spam lists grow
> with invalid names.

I suggest bounce (in the action_bounce, reject at SMTP time sense).  The 
potentially large consequence of losing a legitimate message outweighs the 
likely small benefit of polluting the spammers' lists.

I say it's a small benefit because:
- If you're dropping the message, you still need to waste the bandwidth to 
make them think you've accepted it.
- Unless you're tarpitting it, it won't slow them down much.
- Many spammers don't clean up their lists anyway.  Heck, many legit 
mailing lists don't either.  We get lots of mail sent to long-dead 
accounts, some of which I ended up reactivating, watching for (and 
unsubscribing from) legit newsletters, and turning into spamtraps.

Kelson Vibber
SpeedGate Communications www.speed.net 

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread David F. Skoll
On Fri, 9 Jul 2004, Kelson Vibber wrote:

> - Many spammers don't clean up their lists anyway.

I was recently at an anti-spam conference.  I met an e-mail admin
who ran a domain that had been inactive for two years.  That is, for
two whole years, the domain xxx.ca had NO published MX records, and any
e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
I obscured it for privacy reasons.)

Out of curiosity, the admin published an MX record for that domain.
He was *immediately* flooded with 100,000 spams/day.

I believe this settles the discussion as to whether spammers clean
their lists.

Regards,

David.


Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread WBrown
[EMAIL PROTECTED] wrote on 07/09/2004 02:44:10 PM:

> I was recently at an anti-spam conference.  I met an e-mail admin
> who ran a domain that had been inactive for two years.  That is, for
> two whole years, the domain xxx.ca had NO published MX records, and any
> e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
> I obscured it for privacy reasons.)
>
> Out of curiosity, the admin published an MX record for that domain.
> He was *immediately* flooded with 100,000 spams/day.
>
> I believe this settles the discussion as to whether spammers clean
> their lists.

I'll second that!  I had a subdomain that went dead.  Early this year, I 
resurrected it to test Mimedefang and then later CanIT four years after it 
went dead.  Boy did the spam start rolling in!  At least it gave me 
something to test against. 


Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread john
Very true... However, spammers are definitely aggressive when it comes to 
finding new addresses on your server. 

When I first started doing spam filtering on front-end machines, I would 
just relay everything to the backend. So if spammers were sending email to 
randomly generated accounts ([EMAIL PROTECTED]) I was not returning a 
550 even though that address did not exist. As a result, Mr. Bob Smith has 
become popular and now I can't get spammers to believe that he is gone! 

Now, I always explicitly relay per address to prevent this type of 
harvesting. 

-john



From: David F. Skoll [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Mimedefang] Testing and dictionary attack..
Date: Fri, 9 Jul 2004 14:44:10 -0400 (EDT)

> On Fri, 9 Jul 2004, Kelson Vibber wrote:
>
> > - Many spammers don't clean up their lists anyway.
>
> I was recently at an anti-spam conference.  I met an e-mail admin
> who ran a domain that had been inactive for two years.  That is, for
> two whole years, the domain xxx.ca had NO published MX records, and any
> e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
> I obscured it for privacy reasons.)
>
> Out of curiosity, the admin published an MX record for that domain.
> He was *immediately* flooded with 100,000 spams/day.
>
> I believe this settles the discussion as to whether spammers clean
> their lists.
>
> Regards,
>
> David.


[Mimedefang] Testing and dictionary attack..

2004-07-07 Thread Net Guy
Hi all
Keep up the GREAT work!
What has been decided:  Do I just drop eMail from whomever that has the 
wrong recipient, or do I bounce it ( nouser: No user here by that name 
)?  In my limited view of things I see that either could have benefits:

Bounce - the folks that are real and not spammers know that they 
screwed up the address.
Drop - the spammers think that the address works, so the spam lists 
grow with invalid names.

Instead of testing stuff on a live server, I have found that I can use 
something like this:

virtusertable:

[EMAIL PROTECTED]    realuser
[EMAIL PROTECTED]    realuser
@domain1.com    [EMAIL PROTECTED]
[EMAIL PROTECTED]    realuser
[EMAIL PROTECTED]    realuser
@domain2.com    [EMAIL PROTECTED]

which sends all the unknown/incorrect ( usually spam ) mail to the test 
machine.  Now I can play around without messing with the real thing.  

Thanks for the wisdom!
todh
--
Sound Networking        425.290.9663 voice
Suite 106               425.740.2004 dialup
10011 3rd Avenue SE
Everett, WA             www.sound-networking.com
98208
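
Added example, not part of any post in this thread: a simplified Python model of virtusertable lookup (exact address first, then the @domain entry) that compares a catch-all forward with an "error:nouser" entry, showing which guessed recipients get a 250 and therefore look valid to a sender. All addresses, hostnames and table entries are constructed; treating an unmatched address as "User unknown" is an assumption of the model.

```python
# Simplified model of sendmail virtusertable lookup (added example).
# Every address and table entry below is a constructed sample.

CATCH_ALL_TABLE = """\
alice@domain1.example    realuser
@domain1.example         spamtest@testbox.example
"""

REJECT_TABLE = """\
alice@domain1.example    realuser
@domain1.example         error:nouser No user here by that name
"""

def parse_virtusertable(text):
    """Return {key: value}; keys are 'user@domain' or '@domain', lowercased."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip()
    return table

def rcpt_response(table, rcpt):
    """SMTP reply (code, text) for RCPT TO:<rcpt> under this table."""
    rcpt = rcpt.lower()
    domain = "@" + rcpt.rpartition("@")[2]
    target = table.get(rcpt) or table.get(domain)
    if target is None:
        return 550, "User unknown"   # model assumption: no match, no user
    if target.startswith("error:"):
        # 'error:<keyword> <text>' rejects the recipient with <text>
        message = target[len("error:"):].partition(" ")[2].strip()
        return 550, message or "User unknown"
    return 250, "Recipient ok (delivered to %s)" % target

def harvestable(table, guesses):
    """Guessed addresses that a dictionary run would see accepted."""
    return [g for g in guesses if rcpt_response(table, g)[0] == 250]

GUESSES = ["alice@domain1.example", "bob.smith@domain1.example",
           "zzz123@domain1.example"]

if __name__ == "__main__":
    for name, text in (("catch-all", CATCH_ALL_TABLE), ("reject", REJECT_TABLE)):
        print(name, harvestable(parse_virtusertable(text), GUESSES))
```

With the catch-all entry every guess is accepted, which is the situation john describes; with the error entry only the real address is.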