
Re: A potential way to cut down on spam.



Eugene/Alvin:

For what it's worth, I agree with Eugene.  I see way more spam from what 
appear to be zombies than high speed mailers.  

I have implemented a customized "reactive" blocking approach and I don't 
find that the remote system stops trying, even in the face of numerous 
rejected delivery attempts.

Nonetheless, I get pretty good results by rejecting based on "mailbox 
doesn't exist" messages in syslog.  I accumulate "points" by IP address:

- messages with many recipients and many bad users get the highest points,
- messages with many recipients and two or fewer bad users get fewer points,
- messages with one recipient that's bad get one point.

Accumulate too many points over a specified period and the IP is added to 
my RBL zone file.  It's not perfect, but at least I'm doing something.

Speaking of which - has anyone else noticed that the spool ID isn't being 
incremented when a remote server delivers multiple messages in the same 
session?  


All the best,

Neal Morgan

 

> 
> A single system that sends 500,000 spam messages a day is not a problem
> at all to deal with.  Most of our incoming spam is from thousands of
> infected "zombie" home PCs, each of them trying  to send a mere hundred
> messages.  For spammers, it won't be any problem to program those to
> make several delivery attempts.
> 
> Eugene
> 
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
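
The point-accumulation scheme described in the message above, sketched as an added example; it is not code from the original post or from ZMailer. The log line format, the point weights, the window, the threshold and the rule that more than one recipient counts as "many" are all assumptions, since the post gives only the ordering of the three cases.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values: the post states only that many-bad > few-bad > single-bad (1 point).
POINTS_MANY_BAD, POINTS_FEW_BAD, POINTS_SINGLE_BAD = 5, 2, 1
WINDOW_SECONDS, THRESHOLD = 3600, 10

def score(rcpts, bad):
    """Points for one message with `rcpts` recipients, `bad` of them nonexistent."""
    if bad == 0:
        return 0
    if rcpts == 1:
        return POINTS_SINGLE_BAD
    return POINTS_MANY_BAD if bad > 2 else POINTS_FEW_BAD

def parse(line):
    """Parse a constructed 'ts ip=.. rcpts=.. bad=..' record (not real syslog output)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ip = str(ipaddress.IPv4Address(kv["ip"]))  # rejects malformed addresses
    return int(ts), ip, int(kv["rcpts"]), int(kv["bad"])

def find_offenders(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return IPs whose points within any sliding window reach the threshold.
    Assumes the lines arrive in timestamp order."""
    events, totals, listed = defaultdict(deque), defaultdict(int), []
    for line in lines:
        ts, ip, rcpts, bad = parse(line)
        pts = score(rcpts, bad)
        if pts == 0:
            continue
        events[ip].append((ts, pts))
        totals[ip] += pts
        while events[ip][0][0] <= ts - window:   # expire points older than the window
            totals[ip] -= events[ip].popleft()[1]
        if totals[ip] >= threshold and ip not in listed:
            listed.append(ip)
    return listed

def rbl_record(ip):
    """Zone-relative DNSBL entry: octets reversed, conventional 127.0.0.2 answer."""
    return ".".join(reversed(ip.split("."))) + "\tIN A\t127.0.0.2"

# Constructed sample records using documentation address ranges.
SAMPLE = [
    "1000 ip=192.0.2.10 rcpts=20 bad=15",
    "1000 ip=198.51.100.7 rcpts=1 bad=1",
    "1000 ip=203.0.113.5 rcpts=10 bad=9",
    "1200 ip=198.51.100.7 rcpts=6 bad=2",
    "1300 ip=192.0.2.10 rcpts=18 bad=12",
    "6000 ip=203.0.113.5 rcpts=10 bad=9",   # first hit has expired by now
]

if __name__ == "__main__":
    for offender in find_offenders(SAMPLE):
        print(rbl_record(offender))
```

Only 192.0.2.10 is listed in the sample: 198.51.100.7 never accumulates enough points, and the two hits from 203.0.113.5 fall in different windows.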





