Mailing List SIMS@mail.stalker.com Message #10285
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Feature Request: Opt-In Blacklisting
Date: Wed, 20 Feb 2002 18:43:41 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 3:47 PM -0600 2/20/02, Jerry Pasker  imposed structure on a stream of electrons, yielding:
(Long posting ahead...)

many snips ahead...
[...]

An idea for the spamtrap (and this could be used in Communigate Pro, too) would be to have it add the host that was spamtrapped to the Temp Banned list, but for something longer than 1200 seconds. 86400 seconds comes to mind as a good number. I see spamtrap hosts usually sending one spam, being rejected as a spamtrap, then opening up another connection later to send the email. On Feb 17th, my SIMS server had 165 spamtrap rejections. ALL OF THEM were for Spamtrap addresses (or aliases) only. The hosts that were rejected just came right back and spewed spam later (usually under 5 seconds later). Not a single spam sent to a real address was stopped due to spamtraps.

I like it.

I'd love to see a tunable TempBan time and broader application. I might like this:

Hit 5 bad addresses: 3600 sec.
Hit a spamtrap: 14400 sec.
3 or more 500 responses on a session: 86400 sec.

The last could deal with the idiot spammers who ignore 5xx responses to the DATA command, and proceed to send the message anyway.

I'm not sure if the flowgo.com domain is problematic spam or not, but I see that domain in my logs all day long being TempBanned, and tripping spamtraps. If it *WAS* a legit spammer, I would only assume that it'd be listed in an RBL. Still, I've never had a single complaint about blocked email from this domain....

They are a full-open no-limits spam operation. Your complaint may be the last straw if you send it to their upstream: abuse@above.net. Or maybe not. AboveNet isn't as tough as they used to be.

[...]
I've always run a secondary mail exchanger for my domains, but I'm wondering if it's really all that necessary since any respectable sending host will retry later, and I might just come out ahead in less spam.

Try this:

my.domain   MX   5     primary.mail.server
my.domain   MX   10    secondary.mx.server
my.domain   MX   20    another.name.for.primary.mail.server

Spammers have learned that backup MX's accept more spam. Making your primary a 'tertiary' server as well gets them to try it first instead of the real backup.

That said, the need for a secondary is less these days. It makes sense when the routing mesh between you and the world is tenuous and sparse. It makes sense to put an MX in the nearest well-connected network if you are based in China or Botswana and frequently see 'I can get HERE but not THERE' symptoms.  It is of limited utility to most .us and .eu locales.


--
Bill Cole                                  bill@scconsult.com
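
An added example, not part of the original message and not SIMS or CommuniGate Pro code: a sketch of the tiered TempBan policy proposed above, showing a spamtrapped host being refused when it reconnects 5 seconds later. The Session counters, the TempBanList class, the rule that the longest matching tier wins, and the sample address 192.0.2.10 are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ban durations in seconds, taken from the tiers proposed in the message.
BAN_BAD_ADDRESSES = 3600   # 5 bad addresses
BAN_SPAMTRAP = 14400       # hit a spamtrap
BAN_MANY_5XX = 86400       # 3 or more 5xx responses on a session


@dataclass
class Session:
    """Per-session counters (hypothetical; how events are counted is up to the server)."""
    bad_rcpts: int = 0
    spamtrap_hits: int = 0
    replies_5xx: int = 0


def ban_seconds(s: Session) -> int:
    """Return the longest ban any tier calls for, or 0 for no ban."""
    ban = 0
    if s.bad_rcpts >= 5:
        ban = max(ban, BAN_BAD_ADDRESSES)
    if s.spamtrap_hits >= 1:
        ban = max(ban, BAN_SPAMTRAP)
    if s.replies_5xx >= 3:
        ban = max(ban, BAN_MANY_5XX)
    return ban


class TempBanList:
    """Maps client IP to ban expiry time; a later, shorter ban never shortens it."""

    def __init__(self):
        self.expiry = {}

    def record(self, ip: str, session: Session, now: int) -> int:
        """Apply the policy at session end; returns the ban length applied (0 = none)."""
        secs = ban_seconds(session)
        if secs:
            self.expiry[ip] = max(self.expiry.get(ip, 0), now + secs)
        return secs

    def is_banned(self, ip: str, now: int) -> bool:
        """Check at connect time; expired entries are dropped."""
        exp = self.expiry.get(ip)
        if exp is None:
            return False
        if now >= exp:
            del self.expiry[ip]
            return False
        return True
```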
