jdow wrote: > > Menno, if the Earthlink "progressive delays" strategy is adopted then > even spam relayed through ISPs becomes time expensive. > Personally I don't believe much in delaying/throttling, there are so much zombies that it's just a matter of dispersing the load intelligently. I can see in my mail-logs in the rejects that tactics like that are used, many of the same spam arrives at the same moment on our server coming from different addresses all over the world. And each zombie picks another one of our mailaddresses that got on a spamlist. But there is also a spambot-version that uses a kind of burst-mode, in about 1 minute it spams all addresses on the spamlist at topspeed and then that zombie is (until now) never used again, so blocking it on IP is somewhat useless. Maybe throttling that one can help a little, but not very much I think.
jdow wrote: > > Add to that smtp-auth pointing directly to the perpetrator and Earthlink > has a > clear excuse to block email except to their help desk or even to > block all Internet access except to a page of their own suggesting > that the perpetrator or malware on the perpetrator's machine is spewing > spam and the situation should be remedied. "Help can be found here...." > > Of course, then if you have the spammer friendly ISPs and registrars > in the picture it's all null and void. > > Something I do not know and suspect is REALLY hard to ascertain until > recently when Earthlink went smtpauth only, is how much REAL spam > actually does originate from Earthlink servers. If there is much they > are certainly canny enough not to spam Earthlink customers for some > reason. > I have no knowledge about the Earthlink situation, is direct SMTP is blocked? By the way here dialup/dynamic addresses are becoming a rarity (or at least you keep your address for several months even on dynamic cable) so mostly you don't need SMTP-auth to find the spammer. There is very little spam coming in here from Earthlink, the last one (that is detected) is from July the 28 coming directly from a cable.earthlink.net address advertising an erotic site. So I guess this means direct SMTP is still possible, too bad IMHO.. Regards Menno -- View this message in context: http://www.nabble.com/What-changes-would-you-make-to-stop-spam----United-Nations-Paper-tf2035870.html#a5629162 Sent from the SpamAssassin - Users forum at Nabble.com.
