[Mimedefang] Re: Pre-Acceptance filtering (WAS: Re: recipient filter and RBLs)

Les Mikesell les at futuresource.com
Fri Dec 7 09:08:22 EST 2007

David F. Skoll wrote:
> No.  They can only assume it might get through if they get a 2xx response
> in response to the final "."
> However, this is probably moot.  I believe spammers just "fire-and-forget".
> In other words, they don't seem to pay close attention to SMTP response
> codes.

I wouldn't take that for granted.  Several years ago I ran a qmail based 
  system that accepted everything and generated bounces for errors for 
one of my domains. It was hit by a dictionary attack which kept swamping 
my outbound queue with bounces so I eventually replaced it with 
something sane - but even years later I was still getting 50,000 
delivery attempts a day to what appeared to be that same list of 
addresses.  That domain has expired recently so I can't look at a 
current log but the thing that always surprised me was that the 
connection attempts always came from dozens or hundreds of different IP 
addresses yet they were timed almost perfectly with short pauses between 
each connection.  My interpretation was that having initially accepted 
those random user names got them on some 'good' spam list that was sold 
and/or used for years thereafter.

I ended up making the domain a sendmail virtual domain with a default 
reject and a list of actual users so the impact of processing the 
rejections was minimal.

> Think about it.  You're hiring a criminal to do work on your behalf,
> and you're going to trust this very same criminal to give you accurate
> delivery statistics??

Somebody must have been making money somewhere - but they weren't paying 
  as much attention to the rejections as the accepts.

   Les Mikesell
    les at futuresource.com

More information about the MIMEDefang mailing list