(keitai-l) Re: Web mirror of list (was: nooper > valueclick) [OT?]

From: Jonas Petersson <zap_at_xms.se>
Date: 12/11/03
Message-ID: <3FD81FCB.5080902@xms.se>

Curt Sampson wrote:
> On Tue, 9 Dec 2003, Jonas Petersson wrote:
>>Although email addresses are reasonably mangled, the message IDs are not
>>and as they typically resemble email addresses, we see a fair amount of
>>spam being sent to message IDs that are part of this list...
> 
> It sounds as if you're considering every possible address under your
> domain to be a valid address. In the long run, this is going to kill you
> independent of the message-id problem you described.

In some sense, yes I do and so far (for ~15 years) it has been no big
deal to handle.

> One quick check
> run by a spammer and you'll be receiving spam to tens of thousands of
> "e-mail addresses" on your server.

Not really, exceedingly few spammers just make up spam destination
addresses as sending DOES cost them time and CPU power (basically money)
so directing such addresses to /dev/null once and for all is no sweat.

I have so far only seen two cases that really cause pain:

* The above mentioned keitai-l case where message IDs are mistaken for
email addresses by harvesters due to a less than perfect archive system.
Obviously this is easily identified by a glance in my old logs.

* When spammers decide to use my domain as the SENDER address with a
random name. In this case I get the bounces. This has happened once in
the past (about 2 years back) and the rotation seems to have come back
now as it shot off a few weeks ago and is now starting to die out again.

It is interesting to note that this time around 99+% of the spam is sent
via remote controlled virus infected Windows systems on broadband
connections. In the past it was mostly open SMTP relays. Obviously I do
my duty as an internet citizen and report these systems to their
respective ISP (in detail).

> Just MHO, of course, but you're much better off immediately rejecting
> e-mail to addresses not known to be valid. Then you will never have to
> deal with it.

Depending on your postmaster policy you may have to anyway in the faked
sender address case, though obviously you can deal with this by sending
postmaster mail to /dev/null too... I don't.

> (This is getting a bit off-topic, so if you have technical questions
> relating to this, please contact me off-list.)

Thanks for the offer, but I'm pretty much aware of what can be done at
my end - I just tried to suggest a remedy for part of the "pollution".
I'm pretty sure this problem takes up a fair percentage of many other
mail servers related to users on this list (and others), but in many
cases people seem to prefer the "ostrich" method.

		Just my 0.20 SEK / Jonas
-- 
Jonas Petersson  |  XMS Penvision  |  mailto:Jonas.Petersson@xms.se
Box 3294, Västgötegatan 13, S-600 03 Norrköping | http://www.xms.se/
Tel: +46 11 400 13 00 | Dir: +46 11 400 13 05 | Fax: +46 11 10 30 50
Received on Thu Dec 11 09:47:31 2003