on Tue, Nov 23, 2004 at 01:58:55PM -0800, Jeff Chan wrote:
On Tuesday, November 23, 2004, 12:25:16 PM, Steven Champeon wrote:
For me, I'm coming to the point of simply distinguishing between mail delivery attempts that occur in the context of abusive behavior (e.g., as part of the same session that tries to deliver to a spamtrap) or has so many things wrong with either the remote host (no rDNS, mismatch rDNS and HELO, known forged HELO, HELO as blacklisted domain, etc.) or with the message itself (missing Message-ID, tracking device header, misleading MIME content-type - ie, multipart/mixed with only one part, which though legal (!) is a very strong indicator of spam, etc.)
Which is ok for a breadth first approach that you guys take.
But for SURBLs we need that narrowed down to 100% pure spammers only. That's probably an impossible task, but that should be our goal.
Yeah, I understand that completely.
I see a future in which legit mail servers are simply expected to be configured within a reasonable bound, and act in reasonably nonabusive ways, or else their mail will be rejected. Here, anyway. Unfortunately, the spammers will likely simply beat us to it, so even these checks become less useful.
Yeah, it just means the spammers will need to fake or steal services better. That's why sender checks are probably less useful than content checks.
I dunno - with 50 million (or more) zombies out there? Sender checks are going to be useful for a good long time. As long as we can keep the fixed-netblock spammers in check with DNSBLs like SBL we'll do well.