Mailing List Archive



Re: [tlug] antispam tricks



On Thu, 16 Nov 2006 06:51:43 +0900
"Josh Glover" <jmglov@example.com> wrote:

> On 16/11/06, Botond Botyanszki <tlug@example.com> wrote:
> 
> >  * I thought of using greylisting, but I think eventually spammers will
> >   lean towards becoming rfc compliant and come back later with the mail.
> 
> Why? Remember, spammers are all about efficiency. They need to be able
> to reach as many people as possible as cheaply as possible or their
> "business" model doesn't work. If you remove yourself from the
> category of low-hanging fruit, why would spammers come after you when
> it requires more effort and cost?
This is true for most but not all spammers. SMTP-time rejection used to
work well a while ago, but I think they realized that this is not a
permanent error. For example, in many cases spammers try to send more than
one spam mail (different content) to the same address. Even if the first
one fails (=is REJECTED), they go on with the next. This suggests that
they have realized rejection is dependent on the content as well, not
just the availability of the target mailbox/mail server.
Sooner or later they will realize how graylisting works (especially if it
becomes more popular) and will retry properly in an RFC-compliant
manner after temporary rejections.

BTW, the example above shows why I need blacklisting at IP level. If the
first message is detected as spam, the host would have no chance of
trying to push more spam mails in and succeed.

> It is the same theory as Internet security; I am not so naive that I
> think my boxen could withstand a determined, focused, skilled
> attacker, but I am certainly so much better prepared for
> run-of-the-mill auto-attackers that I seriously doubt my boxen will
> ever be cracked. It is just not worth the effort when there are
> millions of hosts on the 'Net that can be broken into much more
> easily.
True, but once all these boxen are hardened, the attackers will have to
find new ways for getting in.


> I was not a greylisting believer two years ago when I first read the
> paper. I am not, mainly thanks to the dramatic decrease in spam that I
> have personally seen on the TLUG list:
> 
> With greylisting: average of 3 spams / day
> Without greylisting: average of 50 spams / day
I still think the efficiency rate that you just quoted here will soon drop.
As I said, I have nothing against graylisting and will probably try it if
the spam level gets intolerable. So I'd like to hear what kind of setup
you are using.


-- 
boti
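
The two mechanisms discussed in this message, greylisting at RCPT time and an IP-level block once a content filter has judged a message to be spam, replayed over a small session log. This is an added example, not part of the original post; the delay, block lifetime, reply strings and all names are assumptions, and the log is constructed.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300   # seconds an unknown triplet is deferred (assumed value)
BLOCK_TTL = 3600       # seconds an IP stays blocked after a spam verdict (assumed)

@dataclass
class Policy:
    first_seen: dict = field(default_factory=dict)     # triplet -> first attempt time
    blocked_until: dict = field(default_factory=dict)  # client IP -> block expiry

    def check_rcpt(self, now, ip, sender, recipient):
        """Decision at RCPT TO, before any content has been received."""
        if self.blocked_until.get(ip, 0) > now:
            return "554 blocked"
        key = (ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        if now - seen < GREYLIST_DELAY:
            return "451 greylisted"      # temporary error: a compliant MTA retries
        return "250 ok"

    def check_data(self, now, ip, is_spam):
        """Decision after DATA; is_spam is the content filter's verdict."""
        if is_spam:
            self.blocked_until[ip] = now + BLOCK_TTL
            return "550 rejected"
        return "250 accepted"

def replay(events):
    """Run (time, ip, sender, recipient, is_spam) tuples through one Policy."""
    policy, replies = Policy(), []
    for now, ip, sender, recipient, is_spam in events:
        reply = policy.check_rcpt(now, ip, sender, recipient)
        if reply.startswith("250"):
            reply = policy.check_data(now, ip, is_spam)
        replies.append(reply)
    return replies

# Constructed log: one host that retries after the delay, one legitimate MTA.
SAMPLE = [
    (0,   "192.0.2.10",   "a@bulk.example", "me@list.example", True),
    (5,   "198.51.100.5", "u@ok.example",   "me@list.example", False),
    (10,  "192.0.2.10",   "b@bulk.example", "me@list.example", True),
    (400, "192.0.2.10",   "a@bulk.example", "me@list.example", True),
    (410, "192.0.2.10",   "b@bulk.example", "me@list.example", True),
    (600, "198.51.100.5", "u@ok.example",   "me@list.example", False),
]

if __name__ == "__main__":
    for event, reply in zip(SAMPLE, replay(SAMPLE)):
        print(event[0], event[1], reply)
```

In the replay, the retry at t=400 passes the greylist and is rejected on content, after which the same host's second message at t=410 is refused at the IP level without being read.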
