Tom wrote:
> The exploit is based upon the fact that the destination host
> rejects unknown users; MX backups, not having that information,
> generally accept *@domain, so the spammer hack is to find the
> n>0th MX host, and queue it all up there. Spreads the load.
On Mon, 7 Mar 2005, Eric Smith wrote:
> I don't see how it "spreads the load" or
> how the spammer benefits
> in any way. The spammer wants to get the spam to as many valid
> email addresses as possible, but sending to the backup MX doesn't
> get it to more valid email addresses, and it doesn't reduce the
> load on the spammer's sending machine.
I believe spammers get paid to deliver N messages, where N is as
large as possible. The accuracy of spam email lists is probably
low; I doubt the deliverers are in the business of vetting quality
and it would take too long. Getting a connection open and the mail
sent and themselves paid is the short-term goal.
With one connection to an MX>1, they can deliver *@domain mail to
that MX host then drop the connection. That MX host will then bang
at the MX=1 host on its own dime, and the spammer is off to the
next.
It's the open-waits that eat the time, once you're in it's just
data transfer. Dequeueing is the goal, not accuracy.
My experience in this area is limited to managing systems all
around a company that did mass-mailing to anyone who had visited
their site (and provided email) via one of those default-clicked
"SEND ME MAIL!" things. Ethically light/medium gray to me, but
they at least did enter their email address somewhere...
I didn't run the mailers, but did networking and security (like a
lot of older sysadmins I'm "security expert" only by default;
1000% better than what they had... open mail relays, company name
as border router password, CEO desktop back doors...) By the time
I left it was pushing a few hundred-K email per batch. 1999.
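The backup-MX trick described in this exchange, as an added toy model that is not code from anyone on the thread. It simulates a primary MX that knows its local users and a backup MX that does not, then shows why one cheap session to the backup lets a spammer dump a low-accuracy list and walk away, leaving the backup to relay the real addresses and bounce the rest. The second run gives the backup the same user list, which is the usual fix. All hostnames, MX records, user names and the recipient list are constructed for the example.

```python
"""Added example (not from the thread): a toy model of the backup-MX
abuse discussed above. The primary MX knows its users and rejects
unknown RCPT TO; a backup MX without that list accepts *@domain and
later relays to the primary, bouncing whatever the primary refuses.
All hostnames, MX records, users and recipients are constructed."""

from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed MX records: lowest preference value is the primary (MX=1 in the thread).
MX_RECORDS = {
    "example.test": [(10, "mx1.example.test"), (20, "mx2.example.test")],
}

# Only the primary normally knows which local parts exist.
VALID_USERS: Set[str] = {"alice", "bob"}

# Constructed spammer list: the usual low-accuracy mix of live and dead addresses.
SPAM_LIST = [
    "alice@example.test",
    "carol@example.test",
    "bob@example.test",
    "dave@example.test",
]


@dataclass
class MailHost:
    name: str
    known_users: Optional[Set[str]]  # None = no user list (classic backup MX)
    queue: List[str] = field(default_factory=list)

    def rcpt_to(self, addr: str) -> str:
        """Return the SMTP reply for RCPT TO:<addr>."""
        local, _, _domain = addr.partition("@")
        if self.known_users is None or local in self.known_users:
            return "250 OK"
        return "550 5.1.1 No such user"


def pick_backup_mx(domain: str) -> str:
    """The 'n>0th' MX from the thread: the record with the highest preference value."""
    return max(MX_RECORDS[domain])[1]


def spam_session(host: MailHost, recipients: List[str]) -> List[str]:
    """One SMTP session: every RCPT TO the host accepts is queued on that host."""
    accepted = [r for r in recipients if host.rcpt_to(r).startswith("250")]
    host.queue.extend(accepted)
    return accepted


def relay_queue(backup: MailHost, primary: MailHost) -> Tuple[List[str], List[str]]:
    """The backup forwards its queue to the primary on its own dime; whatever
    the primary rejects becomes a bounce the backup now has to deal with."""
    delivered = [r for r in backup.queue if primary.rcpt_to(r).startswith("250")]
    bounced = [r for r in backup.queue if r not in delivered]
    backup.queue.clear()
    return delivered, bounced


def run_scenario(backup_knows_users: bool) -> Tuple[int, int, int]:
    """Return (accepted by backup, delivered to primary, bounced)."""
    primary = MailHost("mx1.example.test", VALID_USERS)
    backup = MailHost(pick_backup_mx("example.test"),
                      VALID_USERS if backup_knows_users else None)
    accepted = spam_session(backup, SPAM_LIST)
    delivered, bounced = relay_queue(backup, primary)
    return len(accepted), len(delivered), len(bounced)


if __name__ == "__main__":
    print("backup without user list:", run_scenario(False))       # (4, 2, 2)
    print("backup with recipient validation:", run_scenario(True))  # (2, 2, 0)
```

The first run is the situation Tom describes: the spammer's single session to the backup gets all four recipients queued, two of which the primary will later refuse, so the backup ends up generating the bounces. In the second run the backup validates recipients against the same list as the primary and the dead addresses are refused at the door. On a real backup MX that means giving it the primary's recipient list (Postfix's relay_recipient_maps is one way) or verifying recipients against the primary before accepting.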