Spam and extra MX records

Bill McGonigle bill at bfccomputing.com
Mon Apr 21 17:14:59 EDT 2008 

On Apr 19, 2008, at 21:58, Ben Scott wrote:

>  Hmmmm.  I guess my issue is that you're deciding to increase my load
> to help you.  I don't get a vote.  All I can do is respond in kind, by
> increasing your load to help me.

True, good point.  To further complicate matters, if we both increase  
each others' loads with greylisting, we both cut down on our loads by  
not content-scanning 40% of our spams.  It's relatively cheap.  It  
would be interesting to study how each compares with DKIM, SMTP/TLS,  
etc..

> Not really.  The problem with things like greylisting and nolisting
> is they're a quick-fix.  All it takes is an adjustment by the spammers
> and we're back to square one.

Note that the 'adjustment' is to implement a queuing system in their  
winzombies, not just blast out spam as fast as possible.  While not  
impossible for this simple case, it appears only about a third of the  
spammers have felt it wise to do so.  They're in the game of getting  
paid by the spam delivered.  Depending on how many you can blast out  
a minute, how much RAM the zombie has, how long the window is (which  
varies), how big a state table is required, etc., the delivery rate  
could be severely hampered.

> Game over in one move.

'Altered' would be a better word - we've at least doubled the cost of  
delivering a spam with greylisting, probably more than that in  
practice.  The original intent was to attack the economics of  
spamming.  The UN hasn't sent their manhunters down on them for  
increasing global warming yet, and there is a bit of wild-westism  
inherent in the system.

>   There are lots
> of anti-spam methods that spammers can try to counter, but which they
> can't simply switch off.  They can dodge blacklists, but they can't
> make blacklists totally ineffective by a software change.  They can
> try to craft their payload to slip through filters, but they can't
> bypass all filters at once.  Etc.

All true, but if it were profitable for all spammers to defeat  
greylisting I believe they would have.  If everybody implemented  
greylisting they would have to.  It's the ouroboros.

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

More information about the gnhlug-discuss mailing list