Does anyone know of a way, using ResEdit or some other trickery, to increase the amount of time that the TempBanned feature bans a sending IP address for? I'd really like to lock these bozo's out for a day or more at a time so that they can't hit me multiple times with the same spread out attack throughout the day.
If somebody's running a harvesting attack from their server, I think it's a safe bet that I'm not expecting any legitimate mail from that particular server that day. :) At 9:38 AM -0500 5/22/02, Darrin Cardani wrote: >At 5:05 AM -0700 5/22/02, Tod Fitch wrote: >>I have seen an increase in address harvesting in the last month or two. >> >>And I believe I have seen a change in the type of harvesting: My impression is that >fewer accounts are being included in each try, tries are spread over a longer time >and that they are using often relays and/or alternative IP addresses. They could all >be separate attacks, but the names being tested seem to follow a pattern that >subjectively indicate that only a few attacks are happening. I got the impression >that a new type of harvesting that attempts to keep below the automatic detectors is >starting to happen. > >I brought this up on the list a couple of months ago, and nobody seemed to think it >was harvesting. I think it is. It appears to be a distributed harvest attempt. Once >an hour, some random open relay tries to send an email or 2 to <name>@mydomain.com, >and the names are always in alphabetical order. > >If you think about it, using an open relay to send a thousand messages to a thousand >different hosts makes it harder for each host to track you down. You can send out as >many emails and get as many responses (bounces or not, or even morons wanting your >product or service) as the usual way, but it's less noticeable to anyone other than >the operator of the relay, who's probably clueless, anyway. ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
