On Wed, 2008-07-30 at 09:21 -0500, Ken A wrote: > Arvid Ephraim Picciani wrote: > > On Wednesday 30 July 2008 00:55:50 mouss wrote: > >> Ken A wrote: > >>> Can be a probe too. Accepting mail from that IP with that content says > >>> something about your system. Spammers aren't stupid. They fingerprint us > >>> just like we fingerprint them. > >> If I was a spammer, I don't see why I would probe you. I understand if > >> it's filter poisoning, but probing to see if the message will be > >> accepted is useless. they can just send their spam. if you reject it, > >> others will accept it, and some will read it, which is exactly what they > >> want to achieve. > > > > No. Some spammers are a lot more clever then that. > > Especialy if you sell lists, you usually make sure they are high quality. > > This is a low volume probe. Propably to clean out harvested lists. > > > > - They are probing for wrong addresses > > (This is why returning 550 imho makes sense and greylisting does not) > > - They are probing for backscatterer > > All mails would have the same From address,envelope, and helo > > of a compromised mailserver. > > - They are probing for spamtraps. > > Bigger ISPs can propably detect that best, > > since the mails would have a pattern. > > > > Of course there is always the posibility that the ratware is simply broken. > > shit happens :P > > > > Yes. And also, in any war, consider resource usage. > A simple example: Spammer at any given time may have access to a number > of DNSRBL listed bots, and a number of unlisted bots. With an > understanding of how ISP handles filtering based on a given DNSRBL, > spammer may choose a certain delivery pattern.
How does the spammer come to know his mail is delivered and not quarantined / deleted / or spam tagged