spam filtering
Jay R. Ashworth
jra at baylink.com
Fri Sep 28 19:47:55 PDT 2007
On Thu, Sep 27, 2007 at 09:00:00AM -0400, Kenneth Brody wrote:
> Quoting Brian K. White (Thu, 27 Sep 2007 00:56:25 -0400):
> [...]
> > When we turned on mxlogic only about 5 per day actually reached me, and they
> > were mostly mails that somehow got submitted directly to the mail host even
> > though the mx records pointed at mxlogic. Perhaps spammers know enough to
> > just try likely things like "mail.aljex.com" and if it's a mail server, just
> > try submitting mail to it, regardless of mx records. I'm surprised I don't
> > still get a ton of spam that way come to think of it.
> [...]
>
> In the good old days, spammers used to do "direct to MX" spam runs. That
> is, the spammer's software would connect directly to the recipient's MX
> server's SMTP port. I suppose some of them may have done the "let's see
> if mail.example.com works" before actually reading the MX record.
>
> However, nowadays, many ISPs block outgoing SMTP connections, and instead
> require that you send mail through their servers.
Yeah, but not enough, bu 2 or 3 orders of magnitude.
> (Where they can, in
> turn, do some processing, such as some attempt at filtering, or some
> rate throttle, or add some tracking headers in case it gets reported as
> spam.) These, in turn, will pass it on to the recipient's MX server.
> Since the ISP's servers won't go the "let's try mail.example.com" route,
> (unless, perhaps, if you don't have an MX record), they will always send
> to your MX server.
One word: tarproxy.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
More information about the Filepro-list
mailing list