Re: MTAs denying messages (was: Re: Moderated posts?)
On Mon, 13 Oct 2014 10:24:28 +0900
Joel Rees <joel.rees@gmail.com> wrote:
> 
> I have an e-mail address my ISP gave me. Back almost twenty years ago,
> when the internet was still a bit safe for naive use, I put my
> isp-provided e-mail address in my home page. For the last fifteen
> years, I've had to periodically clear that mailbox of junkmail, a
> thousand in a week at the worst times, down to about a hundred a week
> now.
It does vary a bit. That address above has been my main one for fifteen
years, used widely on Usenet and elsewhere. About three spams a day (at
the moment) make it past my mail server, which is very aggressive,
with typically a few hundred rejections a day. My record was about ten
years ago, over 12,000 bogus attempts in 24 hours, the average in that
period was probably about 1,500/day. I have a script that counts various
rejection reasons...
> 
> I'd change the address, but a junkmail magnet is actually an
> interesting resource.
I *use* the address. Partly I was curious about whether all this
mucking about with posted email addresses was really necessary, and
whether publishing a real address was practical. I was prepared to
give it up and fall back to others if that was necessary. My conclusion
is that it is practical, but only if you run your own mail server.
SpamAssassin and other content filtering just doesn't hack it; it's an
arms race out there and I got fed up constantly refining rules and still
dropping the odd real email.
> 
> Every now and then, I still get a spate of junkmail there, where the
> to: field has a long list of semi-random names@isp.tld . I know those
> names are bogus because I know there are not that many users at this
> isp who have registered themselves with English names. Rather amusing.
> 
> What are the junkmailers doing? Shotgun mailing the isp with possible
> user names.
> 
> If the isp responds with a code that says my user-id is valid, the
> junk mailer knows he has a live address.
> 
I don't think so, I think it's all NDR spam. I don't see enough real
attempts at dictionary attacks. I see the same dozen names tried day
after day, even hour after hour, and most of the non-repeated names are
just random letter strings that could never be real email names. The
actual published address gets one to two dozen bogus connections a
day, none of the other genuine recipients get more than one or two a
week. The intention is that the spam emails be accepted by a catch-all
domain-wide mail server, then later bounced by the one that holds the
mailboxes and knows the addresses are invalid. If the authoritative
mail server for the domain knows the genuine recipients, it doesn't
work, and that's the biggest single anti-spam measure possible.
-- 
Joe
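
The difference described in the last paragraph above, as an added sketch that is not part of the original message: a toy Python model of a catch-all relay that accepts mail and bounces it later, beside an authoritative server that rejects unknown recipients at RCPT TO. All addresses, names and functions here are constructed for illustration; this is not real MTA code.

```python
from dataclasses import dataclass, field

# Constructed sample data: the mailboxes that really exist in the domain.
VALID_RECIPIENTS = {"joe@example.org", "admin@example.org"}

@dataclass
class Result:
    smtp_replies: list = field(default_factory=list)     # (rcpt, code) seen by the client
    delivered: list = field(default_factory=list)        # mail that reached a mailbox
    bounces_sent_to: list = field(default_factory=list)  # NDRs generated after acceptance

def catch_all_relay(mail_from, rcpts):
    """Edge server accepts any address in the domain; the mailbox host bounces later."""
    r = Result()
    for rcpt in rcpts:
        r.smtp_replies.append((rcpt, 250))   # accepted blindly at RCPT TO
        if rcpt in VALID_RECIPIENTS:
            r.delivered.append(rcpt)
        else:
            # The mailbox host finds no such user and mails an NDR to the
            # envelope sender, which was forged: a third party gets the bounce.
            r.bounces_sent_to.append(mail_from)
    return r

def validating_server(mail_from, rcpts):
    """Authoritative server knows the genuine recipients and rejects in-session."""
    r = Result()
    for rcpt in rcpts:
        if rcpt in VALID_RECIPIENTS:
            r.smtp_replies.append((rcpt, 250))
            r.delivered.append(rcpt)
        else:
            # 5xx at RCPT TO: nothing was accepted, so this server owes no NDR.
            r.smtp_replies.append((rcpt, 550))
    return r

# Constructed envelope: forged sender, one real recipient, three bogus ones.
FORGED_SENDER = "victim@example.net"
RCPTS = ["joe@example.org", "xkqzv@example.org",
         "john.smith@example.org", "qwrtp@example.org"]

if __name__ == "__main__":
    for policy in (catch_all_relay, validating_server):
        res = policy(FORGED_SENDER, RCPTS)
        print(policy.__name__, "NDRs generated:", len(res.bounces_sent_to),
              "rejected in session:", sum(c == 550 for _, c in res.smtp_replies))
```

The real recipient receives the message under both policies; what recipient validation removes is the bounce traffic to the forged sender.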