[TAG] (forw) Spam Prevention by Enforcing Standards

Ben Okopnik ben at linuxgazette.net
Sat Jun 14 01:17:46 MSD 2008


On Fri, Jun 13, 2008 at 10:35:35PM +0200, René Pfeiffer wrote:
> On Jun 13, 2008 at 1624 -0400, Ben Okopnik appeared and said:
> > On Fri, Jun 13, 2008 at 10:01:51PM +0200, René Pfeiffer wrote:
> > > [...]
> > > The spammers don't need the MX records, their software does (provided
> > > they don't use a misconfigured MTA). Their spamming tools need to get
> > > the MX record unless they don't use the fallback mentioned in RFC 2821.
> > > Some do, and some anti-spam rules don't accept email from domains
> > > without MX record. Either way you get less mail. :)
> > 
> > Perhaps I'm simply unclear on spammers' methods. Why would they use
> > anything other than a standard MTA? Does, e.g., 'sendmail' instantly die
> > of shame when it's used in that manner? :)
> 
> The opinion is divided on this feature of Sendmail. ;) 

Ah - it only happens if the binary was compiled with the
DIE_OF_SHAME_IF_USED_FOR_LAME_PURPOSES flag! Understood; carry on. :)

> Gathering from
> the reports and articles I read, most spammers move their SMTP operations
> to botnets. They give money to botherders and have their infected PCs
> spew out the spams. This means that at the first stage no MTA is
> involved. If the bots have to send the email directly they might have to
> look up the MX record. If they use the ISP's upstream mail hub, then this
> might not work, but I doubt that the software infecting the bots has a
> highly complicated SMTP code (yet).
> 
> I'll have a chat with some anti-spam guys later this year, I may know
> more before the Christmas spams arrive. ;)

This sounds like waiting for the arrival of the Christmas winds in the
Caribbean - ~30 knot north/northwesterlies for a couple of weeks
straight. You have to make _sure,_ beforehand, that your rodes are in
good shape and your anchors are well set - or you might not make it
through the bad stretch.


-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
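
The two receiving-side policies mentioned in the quoted text above (accepting the RFC 2821 fallback to an address record versus refusing sender domains that publish no MX) can be compared side by side. This is an added example, not part of the original message; the zone data is constructed and the function names are hypothetical.

```python
# Constructed sample zone data (not real DNS answers): domain -> records.
# MX entries are (preference, host); lower preference is tried first.
ZONE = {
    "mx-ok.example": {
        "MX": [(20, "backup.mx-ok.example"), (10, "mail.mx-ok.example")],
        "A": ["192.0.2.10"],
    },
    "a-only.example": {"MX": [], "A": ["192.0.2.20"]},
    "nothing.example": {"MX": [], "A": []},
}


def _records(domain, zone):
    """Normalise the name (case, trailing dot) and fetch its records."""
    name = domain.lower().rstrip(".")
    return name, zone.get(name, {})


def delivery_targets(domain, zone=ZONE):
    """Hosts a sender should try, in order, per RFC 2821 section 5.

    If MX records exist, only they are used. If none exist but an
    address record does, the domain itself is treated as an implicit
    MX with preference 0 (the fallback discussed in the thread).
    """
    name, rec = _records(domain, zone)
    mx = sorted(rec.get("MX", []))
    if mx:
        return mx
    if rec.get("A"):
        return [(0, name)]
    return []


def accept_sender_domain(domain, require_mx, zone=ZONE):
    """Receiving-side check on the envelope sender's domain.

    require_mx=False: accept anything RFC 2821 considers deliverable.
    require_mx=True: the stricter anti-spam rule, which also refuses
    domains that are reachable only through the address-record fallback.
    """
    _, rec = _records(domain, zone)
    if require_mx:
        return bool(rec.get("MX"))
    return bool(delivery_targets(domain, zone))


if __name__ == "__main__":
    for d in ZONE:
        print(d, delivery_targets(d),
              accept_sender_domain(d, False), accept_sender_domain(d, True))
```
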



