Mailing List SIMS@mail.stalker.com Message #6909
From: Technical Support, Stalker Labs <support@stalker.com>
Subject: Re: Spamtrap
Date: Thu, 05 Oct 2000 14:09:41 +0400
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: CommuniGate 3.2.2b
Hello,

On Wed, Oct 4, 2000, 17:56:40 GMT
  Daniel Solomons, <daniel@oo.net> wrote:

>Hello -
>
>On 10/3/00 11:12 AM, "Technical Support, Stalker Labs" <support@stalker.com>
>wrote:
>
>>> Yes - so the message is responded to as if it hit a router spamtrap?
>>
>> Let me clarify that. Without the Unknown account any final address not found
>> locally will generate the "blah-blah user unknown" response. With the
>address
>> routed to 'error' - "blah-blah address is blacklisted" With spamtrap the
>> spammer will get the vague "We have reasons to believe this mail is unwanted
>> here" AFTER all recipients addresses are collected (on the DATA command).
>
>Yes. When there are more than 3 or 10 unknowns, SIMS initiates a short or
>long delay. Other than that, the response is that of unknowns, rather than
>the unhelpful (to spammers!) spamtrap mode?
>
>For the long delay, at least, it might be nice to behave as if a spamtrap
>had been hit. This doesn't appear to be the case - wouldn't it be useful?

Aren't you afraid of blocking some legitimate sender - it might happen that somebody mistyped severak addresses and now you are blacklisting him?

>>> How many misses does it take? Can I set it to a lower number?
>>
>> The parameters for suspending an SMTP session suspected in address
>harvesting
>> are hardcoded as follows:
>
>Thank you :-)
>
>I wonder if it makes sense to make these configurable through the
>web/communicator interface?

Possible.

>>>    What if the spam is sent through a provider's smtp server that also
>>>    serves legitimate email?
>>
>> If provider's IP is on the Clients Hosts list, it will never temp banned,
>but
>> messages will be rejected anyway.
>
>I think I understand what happens, but to make sure, suppose
>spammer@email.com is temp banned, legitimate mail from ghandi@email.com will
>bounce?

Those are IP addresses not domains what gets temp-banned. If both senders used the same server for sending - the message will be rejected.

>>>    Would it be helpful to also apply temporary bans on return addresses?
>>
>> Currently temporary bans are not applied to Return-Path routing failures.
>
>Just a thought :-)
>
>>> Still, I agree it helps. Why respond to spamtraps immediately, instead of
>>> tying them up also?
>>
>> The addresses routed to 'spamtrap' are tied till the DATA command. Tying
>> sessions longer may be not good.
>
>SIMS ties up sessions with unknowns and errors, why would it be more of a
>problem with spamtraps?

spamtraps should be disguised very well. I'm thinking of using random non-delivery replies in the case of spamttraps, like "Disk I/O error", "Internal routing failed", "not enough memory" - something vague and at random...


Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your reply.
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster