This is a discussion on Re: Experimental - use my server for your high fake MX record - SpamAssassin ; Randy Ramsdell wrote: > DAve wrote: >> Marc Perkel wrote: >>> Looking for a few volunteers who want to reduce their spambot spam >>> and at the same time help me track spambots for my black list. This >>> is ...
Randy Ramsdell wrote:
> DAve wrote:
>> Marc Perkel wrote:
>>> Looking for a few volunteers who want to reduce their spambot spam
>>> and at the same time help me track spambots for my black list. This
>>> is free and mutual benefit. I (junkemailfilter.com) want to be your
>>> highest numbered fake MX record. Here's how you would configure your
>> A generous offer and an admirable effort. But if you think I or my
>> clients are going to route mail to your servers you are mistaken. Even
>> if I knew you personally, I don't think ethics or common sense would
>> allow me to do so.
> Not taking a position on this, but isn't outsourcing spam filtering
> normal? Although I would think one would consider carefully about
> outsourcing their e-mail filtering, I don' think common sense or ethics
> have a whole lot to do with it.
If I have no control over junkmailfilter.com's mail servers someone will
need to take responsibility for any mail that arrives there, since I
cannot control what junkmailfilter.com might do or not do with the
connections that arrive there.
If we were to outsource our mail handling we would need to inform each
and every client, some contracts would need to be changed, some clients
who maintain their own DNS would need to make adjustments. It would also
be one more variable in the mix when someone says "where is my mail?"
I cannot blindly start announcing a MX for a server/network I do not
control or have a contract with.
Your business practices may vary ;^)
>>> mail.yourdomain.com MX 10
>>> tarbaby.junkemailfilter.com MX 20
>>> I will never actually receive your email. The recipient all always
>>> get a 451 error just after the DATA command. So if your servers are
>>> down you won't lose anything. A 451 error is a "I'm not ready, come
>>> back later" error.
>>> This will help you reduce your spambot spam generally by half. Many
>>> spambots try the highest number MX records first and never try again.
>>> So these attempts just go away. Your system load drops, your spam is
>>> reduced, spamassassin doesn't have to work as hard. And some spammers
>>> will actually blacklist you because when they see a
>>> junkemailfilter,com host in the MX they don't even try because they
>>> know that it will only reduce their spambot army to even attenpt to
>>> send a spam.
>>> I have developed an extremely accurate way of detecting spambots and
>>> getting them listed on the first attempt to send spam. It involves
>>> detecting a combination of several sins that if they hit this
>>> combination, and most do, it's a virus infected spambot. Without
>>> going into great detail one of the unique things I look for is hosts
>>> not closing the connection with quit but rather allowing the
>>> connection to time out after receiving the 451 error. When you
>>> combine that it's the highest MX, no QUIT, and several other tests on
>>> HELO and other things I can get these hosts blacklisted which blacks
>>> their spam for everyone who uses my blacklists. And - unless you are
>>> huge - you can use my blacklists for free.
>>> Here's what an SMTP session to my tarbaby server looks like.
>>> telnet tarbaby.junkemailfilter.com 25
>>> Trying 18.104.22.168...
>>> Connected to tarbaby.junkemailfilter.com.
>>> Escape character is '^]'.
>>> 220 tarbaby.junkemailfilter.com ESMTP Exim 4.68 Wed, 07 May 2008
>>> 08:20:24 -0700
>>> helo mydomain.com
>>> 250 tarbaby.junkemailfilter.com Hello vps8.ctyme.com [22.214.171.124]
>>> mail from:<>
>>> 250 OK
>>> rcpt to:firstname.lastname@example.org
>>> 250 Accepted
>>> 451 DEFER - Try a lower numbered MX record -
>>> So - if you are interested all you have to do is set your highest
>>> numbered MX to tarbaby.junkemailfilter.com. If you want to know more
>>> about my lists you can read about them here.
>>> This is experimental. I'm looking to see what kind of useful data I
>>> can derive from this to see how well it work and if I'll continue it.
>>> Send me a private email if you have any questions.
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.