On 5/23/2014 3:02 AM, Joe wrote:
On Thu, 22 May 2014 18:38:37 -0500 John Hasler <jhasler@newsguy.com> wrote:Joe writes:But you normally only get one spam at a time from one ISP, which suggests they do spot the problem themselves fairly quickly...It suggests that the spammers are quite sophisticated in their use of their bots.These are the ones that make it through, meaning among other things they come from an address with a proper A-PTR record pair.
This depends entirely on how your MTA is set up. Not all MTAs do reverse domain lookups (they are relatively long time consuming and can slow down mail processing, especially on a busy system). But even when they do, most systems nowadays have A-PTR records, even if they are in the form of "pool-1-1-168-192.example.com".
My rejectlog shows addresses trying several times an hour for days, and these are mostly domestic users. Presumably most mail servers reject these, and complaints aren't raised as quickly.
That's just the sender's MTA retrying the request, and has nothing to do with the spammer. The spammer probably only sent one message. Chances are the messages are rejected because they're already on someone's blacklist. Eventually the originating MTA gives up.
Jerry