This is a discussion on Re: Experimental - use my server for your high fake MX record - SpamAssassin ; DAve wrote: > Marc Perkel wrote: >> Looking for a few volunteers who want to reduce their spambot spam >> and at the same time help me track spambots for my black list. This >> is free and mutual benefit. ...
> Marc Perkel wrote:
>> Looking for a few volunteers who want to reduce their spambot spam
>> and at the same time help me track spambots for my black list. This
>> is free and mutual benefit. I (junkemailfilter.com) want to be your
>> highest numbered fake MX record. Here's how you would configure your
> A generous offer and an admirable effort. But if you think I or my
> clients are going to route mail to your servers you are mistaken. Even
> if I knew you personally, I don't think ethics or common sense would
> allow me to do so.
Not taking a position on this, but isn't outsourcing spam filtering
normal? Although I would think one would consider carefully about
outsourcing their e-mail filtering, I don' think common sense or ethics
have a whole lot to do with it.
>> mail.yourdomain.com MX 10
>> tarbaby.junkemailfilter.com MX 20
>> I will never actually receive your email. The recipient all always
>> get a 451 error just after the DATA command. So if your servers are
>> down you won't lose anything. A 451 error is a "I'm not ready, come
>> back later" error.
>> This will help you reduce your spambot spam generally by half. Many
>> spambots try the highest number MX records first and never try again.
>> So these attempts just go away. Your system load drops, your spam is
>> reduced, spamassassin doesn't have to work as hard. And some spammers
>> will actually blacklist you because when they see a
>> junkemailfilter,com host in the MX they don't even try because they
>> know that it will only reduce their spambot army to even attenpt to
>> send a spam.
>> I have developed an extremely accurate way of detecting spambots and
>> getting them listed on the first attempt to send spam. It involves
>> detecting a combination of several sins that if they hit this
>> combination, and most do, it's a virus infected spambot. Without
>> going into great detail one of the unique things I look for is hosts
>> not closing the connection with quit but rather allowing the
>> connection to time out after receiving the 451 error. When you
>> combine that it's the highest MX, no QUIT, and several other tests on
>> HELO and other things I can get these hosts blacklisted which blacks
>> their spam for everyone who uses my blacklists. And - unless you are
>> huge - you can use my blacklists for free.
>> Here's what an SMTP session to my tarbaby server looks like.
>> telnet tarbaby.junkemailfilter.com 25
>> Trying 220.127.116.11...
>> Connected to tarbaby.junkemailfilter.com.
>> Escape character is '^]'.
>> 220 tarbaby.junkemailfilter.com ESMTP Exim 4.68 Wed, 07 May 2008
>> 08:20:24 -0700
>> helo mydomain.com
>> 250 tarbaby.junkemailfilter.com Hello vps8.ctyme.com [18.104.22.168]
>> mail from:<>
>> 250 OK
>> rcpt to:firstname.lastname@example.org
>> 250 Accepted
>> 451 DEFER - Try a lower numbered MX record -
>> So - if you are interested all you have to do is set your highest
>> numbered MX to tarbaby.junkemailfilter.com. If you want to know more
>> about my lists you can read about them here.
>> This is experimental. I'm looking to see what kind of useful data I
>> can derive from this to see how well it work and if I'll continue it.
>> Send me a private email if you have any questions.