[AUUG-Talk]: ACA says that Anti-spam laws are working...
leon at cyberknights.com.au
Thu Jul 29 14:15:05 EST 2004
On Mon, 26 Jul 2004 07:21, Ben Elliston wrote:
> Won't greylisting be circumvented once the spammers think it's posing
> a big enough problem? Won't they start running their own MTAs and
> pipeline the message delivery, only adding ~15 minutes to the overall
> time it takes to spam a few million recipients?
Yes. However, the current crop of zombies will need their software
updated, will then need to stay on line for longer, and will have to
use up more traffic to do their damage. This will result in more of
them being found and taken down.
A technique which would be more effective (and I would advocate using
this on top of greylisting) is to "send" a reply top them by contacting
the mail server associated with the sending address, go through all of
the motions of sending a reply from a dodgy address, and then drop the
connection before sending actual data. If you can't find a mail server
for it, or the mail server returns a definite error such as "no such
user", you return an informative error message and drop the inbound.
There are two purposes in using a dodgy sender address (like
192.168.42.69.20040729.121300 at spamkiller-robot.domain.com or
mime32string at spamtrap.domain.com), one of them being that if we get an
inbound message for it while checking, we know that a similar technique
is in use at the sender's inbound mail server so we can return a 200 so
it will ACK our query and we can ACK the inbound. The other is that
you're handing out recognisable addresses to anything that harvests
addresses from the query transaction, and can safely add those to our
spam content filter's database - and/or analyse them to see what gets
harvested when and from where, and when and where it turns up again.
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Vice President, Perth Linux User Group
http://slpwa.asn.au/ Committee Member, Linux Professionals WA
http://linux.org.au/ Past Committee Member, Linux Australia
http://osia.net.au/ Member, Open Source Industry Australia
More information about the Talk