[AUUG-Talk]: ACA says that Anti-spam laws are working...

Leon Brooks leon at cyberknights.com.au
Thu Jul 29 14:15:05 EST 2004


On Mon, 26 Jul 2004 07:21, Ben Elliston wrote:
> Won't greylisting be circumvented once the spammers think it's posing
> a big enough problem?  Won't they start running their own MTAs and
> pipeline the message delivery, only adding ~15 minutes to the overall
> time it takes to spam a few million recipients?

Yes. However, the current crop of zombies will need their software 
updated, will then need to stay on line for longer, and will have to 
use up more traffic to do their damage. This will result in more of 
them being found and taken down.

A technique which would be more effective (and I would advocate using 
this on top of greylisting) is to "send" a reply to them by contacting 
the mail server associated with the sending address, go through all of 
the motions of sending a reply from a dodgy address, and then drop the 
connection before sending actual data. If you can't find a mail server 
for it, or the mail server returns a definite error such as "no such 
user", you return an informative error message and drop the inbound.

There are two purposes in using a dodgy sender address (like 
192.168.42.69.20040729.121300 at spamkiller-robot.domain.com or 
mime32string at spamtrap.domain.com), one of them being that if we get an 
inbound message for it while checking, we know that a similar technique 
is in use at the sender's inbound mail server so we can return a 200 so 
it will ACK our query and we can ACK the inbound. The other is that 
you're handing out recognisable addresses to anything that harvests 
addresses from the query transaction, and can safely add those to our 
spam content filter's database - and/or analyse them to see what gets 
harvested when and from where, and when and where it turns up again.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Vice President, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Past Committee Member, Linux Australia
http://osia.net.au/             Member, Open Source Industry Australia
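
The callback check described in the message above, as an added example that is not part of the original post: it builds the tagged probe sender in the format Leon shows, maps the callback outcome to a reply for the inbound message, and sorts later inbound recipients into normal mail, a peer's callback, or a harvested probe. The function names, the placeholder domain `spamkiller-robot.example.com`, the use of SMTP 250/450/550 replies and the defer-on-temporary-failure policy are assumptions; the MX lookup and SMTP dialogue results are passed in as inputs.

```python
import re
from datetime import datetime

PROBE_DOMAIN = "spamkiller-robot.example.com"  # assumption: placeholder domain
_PROBE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\.(\d{8})\.(\d{6})@(.+)$")

def _norm(addr):
    """Strip angle brackets and whitespace, lower-case for comparison."""
    return addr.strip().strip("<>").lower()

def make_probe_address(client_ip, when, domain=PROBE_DOMAIN):
    """Encode the connecting IP and check time in the probe's envelope sender."""
    return f"{client_ip}.{when:%Y%m%d.%H%M%S}@{domain}"

def parse_probe_address(addr, domain=PROBE_DOMAIN):
    """Return (client_ip, datetime) if addr is one of our probes, else None."""
    m = _PROBE_RE.match(_norm(addr))
    if not m or m.group(4) != domain:
        return None
    try:
        when = datetime.strptime(m.group(2) + m.group(3), "%Y%m%d%H%M%S")
    except ValueError:  # right shape, impossible date or time
        return None
    return m.group(1), when

def callback_verdict(mx_hosts, rcpt_code):
    """Map the callback result to the SMTP reply given to the inbound message."""
    if not mx_hosts:
        return 550, "sender domain has no mail server"
    if rcpt_code is None or 400 <= rcpt_code < 500:
        # Assumption: temporary failures defer the inbound rather than reject it.
        return 450, "sender verification temporarily failed, retry later"
    if rcpt_code >= 500:
        return 550, f"sender address rejected by its own server ({rcpt_code})"
    return 250, "sender verified"

def classify_inbound_rcpt(rcpt, active_probes):
    """Sort an inbound RCPT TO address by how it relates to our probes."""
    if parse_probe_address(rcpt) is None:
        return "normal"
    if _norm(rcpt) in active_probes:
        return "peer-callback"  # the other side is checking us: accept the RCPT
    return "harvested"          # probe address reused later: feed to the filter
```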