Mailing List Archive



Re: [tlug] antispam tricks



Botond Botyanszki writes:

 "jg" == "Josh Glover" <jmglov@example.com> wrote:

 jg> On 16/11/06, Botond Botyanszki <tlug@example.com> wrote:
 jg> 
 jg> >  * I thought of using greylisting, but I think eventually spammers will
 jg> >   lean towards becoming RFC compliant and come back later with the mail.
 jg> 
 jg> Why? Remember, spammers are all about efficiency. They need to be able
 jg> to reach as many people as possible as cheaply as possible or their
 jg> "business" model doesn't work. If you remove yourself from the
 jg> category of low-hanging fruit, why would spammers come after you when
 jg> it requires more effort and cost?

For pride and ire, for two reasons.  It's important to realize that
the recent surge in spam is not costing the more prolific spammers a
dime---their costs are all overhead: software development and
marketing to their clients.  They don't pay for their CPUs and they
don't pay for their bandwidth.  So being able to reach greylisting
servers is a plus for their marketing, and a one-time cost in
adjusting their viruses.  And some spammers just hate being shut out,
even by just one host.

 > BTW, the example above shows why I need blacklisting at IP level. If the
 > first message is detected as spam, the host would have no chance of
 > trying to push more spam mails in and succeed.

True, but I don't often see multiple spams from the same host
AFAIK.  (That may be due to /dev/null-ing IPs that are on 3 of 3
dnsrbls.)  I would expect by now that botnets are designed to avoid
multiple sends to the same target from the same IP (except for SMTP
4xx resends).

 jg> It is the same theory as Internet security; I am not so naive that I
 jg> think my boxen could withstand a determined, focused, skilled
 jg> attacker, but I am certainly so much better prepared for
 jg> run-of-the-mill auto-attackers that I seriously doubt my boxen will
 jg> ever be cracked. It is just not worth the effort when there are
 jg> millions of hosts on the 'Net that can be broken into much more
 jg> easily.

You will eventually get caught by a regression, or maybe even a new
bug that the blackhats exploit before the many eyes publish a fix,
although maybe not in your lifetime.  You've heard my Smail story,
haven't you?
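
The trade-off argued over in this thread, as an added example that is not part of the original messages: a greylisting check layered under an IP-level DNSBL vote, replayed against a sender that retries and one that does not. The delay, reply strings, addresses and in-memory DNSBL sets are constructed assumptions; only the "3 of 3" threshold comes from the message above.

```python
# Added example: all values are constructed; this is not code from the thread.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300   # seconds a new triplet must wait (assumed value)
DNSBL_THRESHOLD = 3    # "3 of 3" lists, as in the message above


@dataclass
class Policy:
    # Stand-in for real DNSBL lookups: list name -> set of listed IPs.
    dnsbls: dict
    # (ip, sender, rcpt) -> time of the first delivery attempt
    first_seen: dict = field(default_factory=dict)

    def listed_on(self, ip):
        """Count how many of the configured lists carry this IP."""
        return sum(ip in listed for listed in self.dnsbls.values())

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one RCPT attempt at time `now`."""
        if self.listed_on(ip) >= DNSBL_THRESHOLD:
            # IP-level block: no amount of retrying changes the outcome.
            return "554 rejected"
        triplet = (ip, sender.lower(), rcpt.lower())
        start = self.first_seen.setdefault(triplet, now)
        if now - start < GREYLIST_DELAY:
            # Temporary failure; a compliant sender queues and retries.
            return "451 try again later"
        return "250 ok"


def deliver(policy, ip, sender, rcpt, attempt_times):
    """Replay a sender's attempts and return the last reply it received."""
    reply = None
    for t in attempt_times:
        reply = policy.check(ip, sender, rcpt, t)
        if not reply.startswith("451"):
            break
    return reply


if __name__ == "__main__":
    lists = {"bl-a": {"203.0.113.9"}, "bl-b": {"203.0.113.9"},
             "bl-c": {"203.0.113.9", "198.51.100.7"}}
    p = Policy(dnsbls=lists)
    print(deliver(p, "198.51.100.7", "a@example.net", "u@example.org", [0]))
    print(deliver(p, "192.0.2.5", "b@example.net", "u@example.org", [0, 60, 900]))
    print(deliver(p, "203.0.113.9", "c@example.net", "u@example.org", [0, 900]))
```

Greylisting stops only the single-attempt sender; the retrying one is accepted on its third attempt, while the host listed on all three DNSBLs is refused however often it returns.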


