[NTLUG:Discuss] the breaking point of spam
Preston Hagar
prestonh at gmail.com
Thu Jul 27 12:48:47 CDT 2006
On 7/25/06, Neil Aggarwal <neil at jammconsulting.com> wrote:
>
> Brian:
>
> I agree. Greylisting depends on the laziness of the
> spammers. Once the spammers see that all they have to
> do is to use an MTA with resend ability, greylisting will
> have zero effect.
>
> Neil
The amazing thing though is how truly lazy spammers are. I was getting
about 20-30 spam messages a day. By just putting in some basic checks to
make sure their server is conforming to RFC specs along with using
greylisting via postgrey, I have cut my spam to 0 with 0 false positives so
far. The thing to think about is this: Spammers aren't as stupid as we
all act like they are. They know that most people will not buy their
vi!gRiA or Pnis Elgrement, but for every (warning made up statistics coming)
1 million rational people out there, there is 1 idiot who will buy. Since
email can be a relatively inexpensive form of mass marketing for them, they
can send out billions of emails a day, knowing full well that most will
bounce or be quickly deleted and still make huge profits because of the
couple of idiots that fall for their sales pitch.
Now, take greylisting for example. The idea there (at least with postgrey)
is that when a message is first sent, the sending server gets a 450 message
saying "I'm busy now, try again later". The receiving server will keep
saying this message for 5 minutes until it will accept the message if it is
resent (as it should be by any properly configured mail server). This means
that each message must be attempted to be delivered at least twice (more if
they try multiple times under the 5 minute limit). **Note: All of the
following numbers are made up, but at least sound reasonable** So let's say
that spammers can send out 1 million messages per hour and that they must
get 3 sales per hour to remain profitable. Now, everyone switches to using
greylisting so each message must be attempted to be delivered twice. This
would now greatly cut the number of messages per hour the spammer can send,
thus requiring him to get more sales per hour which may not be possible
since there is a finite number of idiots in the world (at least I hope).
Now, what if we add proper HELO checks, and check that the originating ip
address or domain must be real? And we make sure that the sending domain is
a FQDN? Now we have slowed them down (however slightly) even more. Will
all of this solve the spam problem? Probably not, but we can hope that if
enough people join in, we can slow down their operations enough that it is
no longer cost effective for them to spam.
Also, I implemented everything I talked about in an already running postfix
installation in about 1 hr. Even if this only blocks my spam for 1 month or
even 1 week, it was worth it. A great site for some good sane settings for
postfix can be found here:
http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/
I would recommend leaving the SPF thing off though since it seems to me that
many mail servers have not implemented spf yet.
Just my long two cents,
Preston
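As an added illustration that is not part of the original post and not postgrey's own code, here is the greylisting decision the post describes, modelled in Python: a never-seen (client IP, sender, recipient) triplet is deferred with a 450, a retry inside the 5-minute window is deferred again, and a retry after it is accepted and remembered; a basic HELO hostname check of the kind mentioned is included. The triplet keying, the 300-second delay, the reply text and the clock injection are assumptions chosen to match the description.

```python
"""Greylisting decision logic as the post describes it (postgrey-style).
Illustrative code, not postgrey's own; delay, triplet keying and reply
text are assumptions matching the description."""
import re
import time

GREYLIST_DELAY = 300  # seconds: the "5 minutes" the post refers to
HOSTNAME_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock          # injectable so a replay can control time
        self.first_seen = {}        # triplet -> time of first attempt
        self.known_good = set()     # triplets that completed a valid retry

    def check(self, client_ip, sender, recipient):
        """Decide one delivery attempt; returns an SMTP-style reply."""
        key = (client_ip, sender.lower(), recipient.lower())
        now = self.clock()
        if key in self.known_good:
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None:
            # never seen: defer and start the clock for this triplet
            self.first_seen[key] = now
            return "450 4.2.0 Greylisted, try again later"
        if now - first < self.delay:
            # retried too soon (a sender hammering the server): defer again
            return "450 4.2.0 Greylisted, try again later"
        # a real MTA waited and retried: accept and remember the triplet
        self.known_good.add(key)
        del self.first_seen[key]
        return "250 OK"


def helo_is_fqdn(helo):
    """Basic HELO sanity check of the kind the post mentions: at least two
    non-empty labels made of hostname characters (rejects a bare
    'localhost', empty labels, and leading or trailing dots)."""
    labels = helo.split(".")
    return len(labels) >= 2 and all(HOSTNAME_LABEL.fullmatch(l) for l in labels)
```

A sender that fires once and never retries never gets past `check`, while a compliant MTA that retries after its queue delay is accepted on the second attempt.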