As a longtime anti-spam combatant and Declude user, I am seeing something I am interpreting as another way spammers are exploiting us. The problem with this scenario is that it is a catch-22, because we can't bounce spam back to the senders. I used to own an ISP but sold it a few months ago due to the stiff competition, and had been using Imail and Declude as spam and anti-virus gateways, which I am now doing for the large company I work for now. I see guys asking about server specs and high spam loads, so this prompted me to share what I have seen and am now seeing in my new workplace.
It seems that the more successful we are at stopping spam, the more they send to us, not just to valid addresses and dictionary-type deliveries but large volumes of spam that have no chance of being sent to a valid user, for example [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] and so on, on and on and on and on. I have seen this in the millions of messages, and I believe it's because we accept the mail and delete it because it's obvious spam. The spammers then can say to their customers that they delivered some huge amount of their advertisements when in fact they just sent invalid recipient email to our mail vaporizers because they know we will accept it.

The company that bought my ISP is Unix based and was able to write a program that looked at a list of valid email addresses and only accepted the connection if it found a valid recipient. And then after x amount of invalid user attempts they blacklisted the IPs. We found over 30,000 spam zombies were responsible for the invalid user email flood. I felt better knowing I didn't stand a chance of manually adding IPs to the Imail access control lists, but it still made me very angry.

So is there a way to deal with this? How can we check for valid users before we accept the SMTP connection itself when using a gateway or peering configuration? Would it be possible to use the DNS blacklist concept but have our users on there so it becomes a DNS whitelist? Bottom line is that a lot of our spam and virus processing overhead could be stopped at the SMTP connection level. Short of hiring hit men to thin the Rokso list, what can we do?

Scott, could you at least write a run first test to check a text file for valid users and, if it doesn't find one, fail the message and stop all further testing? If we can do this now, can you provide an explanation of how? Comments? Ideas?
Thanks for listening,

Rick Davidson
National Systems Manager
North American Title Company

---
This E-mail came from the Declude.Virus mailing list.
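The valid-recipient check with automatic blacklisting described in the message above, as an added example that is not part of the original post and is not Declude or Imail code: a Python sketch of the decision a gateway would make at connect time and at RCPT TO. The class name, thresholds, reply texts, and the sample addresses and IPs are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class RecipientGate:
    """Decide SMTP replies at connect and RCPT TO time on a mail gateway."""

    def __init__(self, valid_users, max_invalid=5, window=3600, clock=time.time):
        # Compared case-insensitively (a simplification most sites accept).
        self.valid = {u.strip().lower() for u in valid_users if u.strip()}
        self.max_invalid = max_invalid    # the post's "x" invalid attempts
        self.window = window              # seconds over which misses are counted
        self.clock = clock
        self.misses = defaultdict(deque)  # ip -> timestamps of unknown recipients
        self.blocked = set()

    def on_connect(self, ip):
        """Refuse blacklisted IPs before any message data is transferred."""
        if ip in self.blocked:
            return 554, "5.7.1 connection refused"
        return 220, "ready"

    def on_rcpt(self, ip, rcpt):
        """Accept only recipients found in the valid-user list."""
        if ip in self.blocked:
            return 554, "5.7.1 connection refused"
        if rcpt.strip().strip("<>").lower() in self.valid:
            return 250, "2.1.5 recipient ok"
        now = self.clock()
        q = self.misses[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # forget misses outside the window
            q.popleft()
        if len(q) >= self.max_invalid:
            self.blocked.add(ip)               # later connects get 554
        return 550, "5.1.1 user unknown"

if __name__ == "__main__":
    # Constructed sample data: documentation-range IP, example.com addresses.
    gate = RecipientGate(["rick@example.com", "sales@example.com"], max_invalid=3)
    for rcpt in ["<rick@example.com>", "<aaa1@example.com>",
                 "<aaa2@example.com>", "<aaa3@example.com>"]:
        print(rcpt, gate.on_rcpt("192.0.2.10", rcpt))
    print("reconnect:", gate.on_connect("192.0.2.10"))
```

Rejecting with 550 during the SMTP dialogue leaves any bounce to the sending server, so the gateway never accepts the message and never has to generate a bounce of its own. The time window keeps an occasional mistyped address from a legitimate sender from accumulating into a block.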
