Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] antispam tricks
- Date: Wed, 15 Nov 2006 23:23:25 +0100
- From: Botond Botyanszki <tlug@example.com>
- Subject: Re: [tlug] antispam tricks
- References: <20061115172416.68f7d0ae@example.com> <d8fcc0800611151351y5b07009dtde528271260ebb2f@example.com>
On Thu, 16 Nov 2006 06:51:43 +0900 "Josh Glover" <jmglov@example.com> wrote: > On 16/11/06, Botond Botyanszki <tlug@example.com> wrote: > > > * I thought of using greylisting, but I think eventually spammers will > > lean towards becoming rfc compliant and come back later with the mail. > > Why? Remember, spammers are all about efficiency. They need to be able > to reach as many people as possible as cheaply as possible or their > "business" model doesn't work. If you remove yourself from the > category of low-hanging fruit, why would spammers come after you when > it requires more effort and cost? This is true for most but not all spammers. SMTP-time rejection used to work well a while ago, but I think they realized that this is not a permanent error. For example in many cases spammers try to send more than one spam mail (different content) to the same address. Even if the first one fails (=is REJECTED), they go on with the next. This suggests that they have realized rejection is dependent on the content as well, not just the availability of the target mailbox/mail server. Sooner or later they will realize how graylisting works (especially if it will become more popular) and will retry properly in an rfc compliant manner after temporary rejections. BTW, the example above shows why I need blacklisting at IP level. If the first message is detected as spam, the host would have no chance of trying to push more spam mails in and succeed. > It is the same theory as Internet security; I am not so naive that I > think my boxen could withstand a determined, focused, skilled > attacker, but I am certainly so much better prepared for > run-of-the-mill auto-attackers that I seriously doubt my boxen will > ever be cracked. It is just not worth the effort when there are > millions of hosts on the 'Net that can be broken into much more > easily. True, but once all these boxen are hardened, the attackers will have to find new ways for getting in. > I was not a greylisting believer two years ago when I first read the > paper. I am not, mainly thanks to the dramatic decrease in spam that I > have personally seen on the TLUG list: > > With greylisting: average of 3 spams / day > Without greylisting: average of 50 spams / day I still think the efficiency rate that you just quoted here will soon drop. As I said, I have nothing against graylisting and will probably try it if the spam level gets intolerable. So I'd like to hear what kind of setup you are using. -- boti
Attachment:
signature.asc
Description: PGP signature
- Follow-Ups:
- Re: [tlug] antispam tricks
- From: Stephen J. Turnbull
- Re: [tlug] antispam tricks
- References:
- [tlug] antispam tricks
- From: Botond Botyanszki
- Re: [tlug] antispam tricks
- From: Josh Glover
- [tlug] antispam tricks
- Prev by Date: Re: RE : Re: [tlug] wiki
- Next by Date: Re: [tlug] Firefox font configuration
- Previous by thread: Re: [tlug] antispam tricks
- Next by thread: Re: [tlug] antispam tricks
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |