RE: [Declude.JunkMail] Spammers bypassing gateways?

Tue, 23 Mar 2004 18:38:41 -0800 

Matt,
        
        I've seen the same problem and the suggestion we have made to our customers is 
to reconfigure their firewall (or proxy server/smtp server), such that they only 
accept SMTP traffic from our mail servers.  This does not stop spam initially, but 
over a period of time, the traffic does slow down.   
        
        It is my belief that some services are caching the MX (or A) records beyond 
the specified period.  I know at one of the sites I visit on a regular basis, that we 
made a change 3 months ago and we are still seeing attempts made to send mail directly 
to the mail server.

David  

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Matt
Sent: Tuesday, March 23, 2004 8:12 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spammers bypassing gateways?


I've been wondering about the possibility and I think that I'm seeing 
proof of this now.  With gateway spam blocking services becoming more 
common, are spammers (zombie-types) now starting to attempt direct 
connections to mail.domain.tld instead of relying on MX records?

I've been advising new clients to avoid standard names such as mail and 
smtp for their mail servers due to the possibility of this happening.  
Twice now I have done switches though with servers named mail.domain.tld 
that continued to be spammed directly for weeks after the MX changed 
took place.  The only other possibility that I can think of is that some 
spamware is caching the IP's or MX records.

Has anyone else seen this?

Thanks,

Matt

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to