It was thus said that the Great Alistair MacDonald once stated:
> I experimented with greylisting on my servers which handle email for
> clients. It worked *extremely* well, but I still had to turn it off
> after about 3 days. We found that customers were failing to get email
> from people at big ISPs because their systems would not retry the mails
> (or didn't do enough retry attempts to pass the 1hr barrier.) Whilst
> many people might feel that dropping all emails from AOL[1] is a good
> thing my customers didn't seem to agree ...
I've noticed that about 40% of my spam (I run my own personal email
server) comes in through my backup MX host (which has no user information
and accepts *all* mail to my domain). Unrelated, a few months ago we got
DoSed due to an interesting anti-spam technique [2] whereby the MX record
for a domain we were trying to send bounce messages to was set to 127.0.0.1
(and therefore, the mail got requeued back into our system).
I figured that if it was DoSing us, it might be used to DoS the spammers,
so I tried it. [3] It worked okay, but I might be reluctant to put it into
production use.
I also thought that maybe using an MD5 hash on the body of a message would
work, but that's way too easy for the spammers to get around.
One other thing you might want to do (or enforce, if you are a webhosting
company or ISP) is not allow catchalls. We're getting away from that as it
causes us to get blacklisted by AOL and BellSouth (we're in Florida) on a
regular basis.
-spc (Perhaps the best thing would be to kill SMTP ... )
[1] Not my footnote.
[2] http://boston.conman.org/2006/09/05.1
[3] http://boston.conman.org/2006/09/05.3
    http://boston.conman.org/2006/09/07.2
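As an added example, not code from either poster: a minimal greylisting decision function in Python that models the retry behaviour the quoted post describes (the one-hour barrier, and sending MTAs that give up before passing it, which is why the customers' mail never arrived). The time thresholds are assumed values, not anything either server actually used.

```python
# Added example: a minimal greylisting decision on the classic triplet
# (client IP, envelope sender, envelope recipient). Thresholds are assumptions.
from dataclasses import dataclass, field

MIN_RETRY_SECS = 3600            # the "1hr barrier" from the quoted post (assumed policy)
TRIPLET_TTL_SECS = 4 * 3600      # how long an unconfirmed triplet is remembered (assumed)
WHITELIST_TTL_SECS = 30 * 86400  # how long a confirmed triplet stays whitelisted (assumed)


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time it was last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'ACCEPT' or 'TEMPFAIL' (SMTP 450) for one delivery attempt at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        t = self.passed.get(key)
        if t is not None and now - t < WHITELIST_TTL_SECS:
            self.passed[key] = now          # known-good triplet: refresh and accept
            return "ACCEPT"
        first = self.first_seen.get(key)
        if first is None or now - first > TRIPLET_TTL_SECS:
            self.first_seen[key] = now      # new (or stale) triplet: start the clock
            return "TEMPFAIL"
        if now - first < MIN_RETRY_SECS:
            return "TEMPFAIL"               # retried too early: keep the sender waiting
        del self.first_seen[key]            # retried after the barrier: promote to whitelist
        self.passed[key] = now
        return "ACCEPT"


def simulate(schedule):
    """Run (time_secs, client_ip, mail_from, rcpt_to) attempts; return the decision per attempt."""
    g = Greylist()
    return [g.check(ip, f, t, when) for when, ip, f, t in schedule]


if __name__ == "__main__":
    # Constructed sample: a well-behaved MTA retries after 15 min and again after ~1 h.
    well_behaved = [(0, "192.0.2.10", "a@example.org", "u@example.net"),
                    (900, "192.0.2.10", "a@example.org", "u@example.net"),
                    (3700, "192.0.2.10", "a@example.org", "u@example.net")]
    # Constructed sample: an ISP that retries only within 30 min, then gives up (the post's failure mode).
    gives_up = [(0, "198.51.100.5", "b@isp.example", "u@example.net"),
                (600, "198.51.100.5", "b@isp.example", "u@example.net"),
                (1500, "198.51.100.5", "b@isp.example", "u@example.net")]
    print(simulate(well_behaved), simulate(gives_up))
```

A fire-and-forget sender that never retries gets only TEMPFAIL, which is the spam-blocking effect; the same logic silently loses mail from any legitimate MTA whose retry schedule ends before MIN_RETRY_SECS.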