
List:       qmail
Subject:    Re: [Christmas Gift for free] 50% Spam reduction !
From:       Erwin Hoffmann <feh () fehcom ! de>
Date:       2007-01-28 15:20:50
Message-ID: 3.0.6.32.20070128162050.00c7e520 () 192 ! 168 ! 192 ! 1

Hi,

At 14:22 27.01.2007 +0100, Harald Hanche-Olsen wrote:
>+ Erwin Hoffmann <feh@fehcom.de>:
>
>| 3. Don't forget: With GREETDELAY you consume connections for a
>| certain amount of time from bot-nets PCs. Thus, with this mean you
>| really suppress spams from those sources even to anyone else.
>
>This is well and good until enough sites do it to force the spammers
>to adapt.  The next generation of botnet spam mailers will just have
>to open a large number of SMTP connections simultaneously and pay
>attention to protocol niceties in order to maintain throughput.

Since I don't have a real good database for my forthcoming assumptions
(unlike e.g. "Brightmail") they are a little bit guess-work:

(a) "The next generation of botnet spam mailers will just have
     to open a large number of SMTP connections simultaneously"

I pretty much believe that they do it already.  If you've watched the last
spams, it is common to insert i.e. an RSS news feed first and then attach a
gif with the actual "message".

(b) ..and pay
    attention to protocol niceties in order to maintain throughput 

I pretty much doubt that. This means one has to introduce something like a
queue. This does not buy much. In any case *this* SMTP connection is
blocked with GREETDELAY. This is per construction different from Greylisting.
With Greylisting, the spammer will finally succeed.

(c) Just another turn of the spiral in the war between spammers and the
    rest of us, I'm afraid.

Maybe. But again here, you have to make some distinctions:

(i) Spam from bot-nets -- you can reduce by means of GREETDELAY
(ii) Spam from *real* MTAs -- you can neither reduce by GREETDELAY nor
Greylisting; but with RBLs, HELO checks, and DNS RTR, perhaps DomainKey etc
(iii) Spam thru 'official' MTA -- the only way to get rid of those is by
content-aware scanner, like SpamAssassin.

I'm curious what 'horse' the spammer will ride in the future; but with
GREETDELAY you are effective on (i), while (ii) and (iii) are not affected.

>Someone please tell me I'm wrong.
>(With arguments of course. "You're wrong" doesn't cut it.)

I don't have the magic crystal ball, unfortunately.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
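
Added example, not part of the original message and not code from qmail or any patch to it: a sketch of a greeting delay on the receiving side, showing how long each connection is held and what happens to a client that does not wait for the banner. Refusing early talkers with a 554, the hostname, the delay value and the three constructed clients are assumptions made for the illustration.

```python
import select
import socket
import time

def greet_with_delay(conn, delay, hostname="mx.example.test"):
    """Hold back the 220 banner for `delay` seconds; return (verdict, seconds_held)."""
    start = time.monotonic()
    # Wake early only if the peer sends data or hangs up before the banner.
    readable, _, _ = select.select([conn], [], [], delay)
    held = time.monotonic() - start
    if not readable:
        # Peer waited for the greeting as SMTP expects: open the session.
        conn.sendall(f"220 {hostname} ESMTP\r\n".encode("ascii"))
        return "greeted", held
    if conn.recv(512):
        # Commands sent before the banner: refuse the session (assumed policy).
        conn.sendall(b"554 SMTP protocol violation\r\n")
        return "early-talker", held
    return "disconnected", held  # peer gave up waiting and closed


def simulate(client_action, delay=0.3):
    """Run one constructed client against greet_with_delay over a socketpair."""
    server, client = socket.socketpair()
    try:
        if client_action == "talk-early":
            client.sendall(b"HELO bot.example.test\r\n")
        elif client_action == "hang-up":
            client.close()
        verdict, held = greet_with_delay(server, delay)
        reply = b""
        if client_action != "hang-up":
            reply = client.recv(512)
        return verdict, held, reply
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for action in ("wait", "talk-early", "hang-up"):
        verdict, held, reply = simulate(action)
        print(f"{action:10s} -> {verdict:12s} held {held:.2f}s reply {reply!r}")
```

Only the client that waits out the full delay receives a 220; the other two never reach the point where a message could be submitted.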