At 06:24 08-11-2007, Alex Woick wrote:
> There seems to exist some address harvester that greps message-ids
> and other non-address content as mail addresses, since I get spam to
> such proven never-existed mail addresses. This list is harvested
> this way, for example. There are already a few message-ids from my
> older list postings that have regularly been getting spam for a few months.
>
> Is it safe to add the sender systems to an internal blacklist
> database automatically and let my MTA reject further mail from them
> for perhaps 6 hours?

No. It can lead to a denial of service unless you combine it with
whitelisting from "trusted" sources.

> It should be safe because no one except the harvester+spammer could
> have gotten such an address. I assume this is the way spamtraps work, isn't it?

A simple spamtrap would work like that.

> This would be quite efficient, since the same bot often tries to
> deliver 10 spams within a few seconds, and if it were blocked after
> the first connection, 9 of 10 spams would be blocked right away. And
> the 1st would not get through greylisting, since it gets no 2nd connection try.

The spam content shouldn't even be getting through as the recipient
address is invalid.
Regards,
-sm
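
The scheme discussed in this thread, sketched as an added example that is not part of the original posts: a spamtrap hit blocks the sending host for 6 hours, while hosts on a whitelist of trusted sources are never auto-blocked. The class and method names, the trap address and the IP ranges are all constructed for illustration.

```python
import ipaddress

BLOCK_SECONDS = 6 * 3600  # the 6-hour block proposed in the thread

class TrapBlocklist:
    def __init__(self, traps, trusted_networks, block_seconds=BLOCK_SECONDS):
        self.traps = {a.lower() for a in traps}
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]
        self.block_seconds = block_seconds
        self.blocked_until = {}  # client IP -> time the block expires

    def is_trusted(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.trusted)

    def check_rcpt(self, client_ip, rcpt, now):
        """Decision for one RCPT TO; 'pass' means only that this check has no objection."""
        is_trap = rcpt.strip().lower() in self.traps
        if self.is_trusted(client_ip):
            # Whitelisted hosts are never auto-blocked; the trap address is
            # still refused because it never existed.
            return "reject_rcpt" if is_trap else "pass"
        expiry = self.blocked_until.get(client_ip)
        if expiry is not None and now >= expiry:
            del self.blocked_until[client_ip]  # block has run out
            expiry = None
        if is_trap:
            self.blocked_until[client_ip] = now + self.block_seconds
            return "reject_client"
        return "reject_client" if expiry is not None else "pass"

def demo():
    # Constructed sample data: documentation IP ranges and example.org names.
    trap = "20071108.abc123@lists.example.org"  # message-id harvested as an address
    bl = TrapBlocklist([trap], ["192.0.2.0/24"])
    bot, relay, user = "203.0.113.7", "192.0.2.10", "alice@example.org"
    return [
        bl.check_rcpt(bot, trap, now=0),        # first hit -> blocked
        bl.check_rcpt(bot, user, now=5),        # later attempts rejected outright
        bl.check_rcpt(relay, trap, now=10),     # trusted relay: refuse rcpt, no block
        bl.check_rcpt(relay, user, now=11),
        bl.check_rcpt(bot, user, now=BLOCK_SECONDS + 1),  # block expired
    ]

if __name__ == "__main__":
    print(demo())
```

A "pass" result leaves the message to the MTA's other checks, such as recipient validation and greylisting.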