Nick FitzGerald <[EMAIL PROTECTED]> writes:

> J.A. Terranson wrote:
>
> <<snip>>
>> > And further, does anyone have any idea how to pick apart how much of
>> > that is simply relaying type activity vs. dedicated spam-bot activity?
>>
>> Does it matter?
>
> Yes, as many of the former are simply due to (legitimate user)
> misconfiguration and do not provide any form of backdooring to the
> system, whereas the spammers are much more actively involved in
> "managing" the latter and can actively update/replace/supplement the
> code running on them. Thus the latter are much more likely able to
> avoid (or perhaps "survive") "fixing".

Very little spam seems to come from traditional open mail relays these
days. A lot of the stuff I look at has come direct from the spammer
themselves, or from dynamic space, or university resnets.

I can't give accurate statistics though, because we're rejecting mail
at our MXs using sbl-xbl.spamhaus.org, which is specifically designed
to stop this kind of thing in the first place.

(Last time I checked, XBL was a composite of CBL,
http://cbl.abuseat.org/ and OPM, an open proxy list - see
http://www.spamhaus.org/xbl )

cheers,
 Jamie
-- 
James Riden / [EMAIL PROTECTED] / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
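The lookup an MX makes when it rejects on a DNS blocklist zone such as the sbl-xbl.spamhaus.org zone mentioned in the message above, as an added example that is not part of the original post. The function names, the injectable resolver and the choice of 127.0.0.0/24 as the "listed" range are assumptions based on common DNSBL convention, and the answers in the sample run are constructed.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # zone named in the message above
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")  # assumed listing range


def dnsbl_name(ip, zone=ZONE):
    """Query name for an IPv4 client: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A record for name, or None when the lookup fails.

    Timeouts also land here, so this check fails open on DNS outages."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check(ip, resolve=system_resolver, zone=ZONE):
    """Return (verdict, answer); verdict is 'listed', 'clean' or 'error'."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return ("clean", None)
    if ipaddress.IPv4Address(answer) in LISTING_NET:
        return ("listed", answer)
    # Anything else (an operator error code such as 127.255.255.x, or a
    # wildcarded/hijacked zone answering with a real address) must not be
    # read as a listing, or the MX would reject every sender.
    return ("error", answer)


if __name__ == "__main__":
    # Constructed answers standing in for DNS; no network traffic is sent.
    fake = {
        "2.0.0.127.sbl-xbl.spamhaus.org": "127.0.0.4",
        "9.2.0.192.sbl-xbl.spamhaus.org": "127.255.255.254",
    }
    for ip in ("127.0.0.2", "192.0.2.9", "198.51.100.7"):
        print(ip, check(ip, fake.get))
```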
