spamassassin-users mailing list archives

From Randy Ramsdell <>
Subject Re: Experimental - use my server for your high fake MX record
Date Wed, 07 May 2008 18:32:28 GMT
DAve wrote:
> Marc Perkel wrote:
>> Looking for a few volunteers who want to reduce their spambot spam 
>> and at the same time help me track spambots for my black list. This 
>> is free and mutual benefit. I ( want to be your 
>> highest numbered fake MX record. Here's how you would configure your 
>> domain:
> A generous offer and an admirable effort. But if you think I or my 
> clients are going to route mail to your servers you are mistaken. Even 
> if I knew you personally, I don't think ethics or common sense would 
> allow me to do so.
> DAve
Not taking a position on this, but isn't outsourcing spam filtering 
normal? Although I would think one would consider carefully about 
outsourcing their e-mail filtering, I don't think common sense or ethics 
have a whole lot to do with it.
>> MX 10
>> MX 20
>> I will never actually receive your email. The recipient will always 
>> get a 451 error just after the DATA command. So if your servers are 
>> down you won't lose anything. A 451 error is an "I'm not ready, come 
>> back later" error.
>> This will help you reduce your spambot spam generally by half. Many 
>> spambots try the highest number MX records first and never try again. 
>> So these attempts just go away. Your system load drops, your spam is 
>> reduced, spamassassin doesn't have to work as hard. And some spammers 
>> will actually blacklist you because when they see a 
>> junkemailfilter.com host in the MX they don't even try because they 
>> know that it will only reduce their spambot army to even attempt to 
>> send a spam.
>> I have developed an extremely accurate way of detecting spambots and 
>> getting them listed on the first attempt to send spam. It involves 
>> detecting a combination of several sins that if they hit this 
>> combination, and most do, it's a virus infected spambot. Without 
>> going into great detail one of the unique things I look for is hosts 
>> not closing the connection with quit but rather allowing the 
>> connection to time out after receiving the 451 error. When you 
>> combine that it's the highest MX, no QUIT, and several other tests on 
>> HELO and other things I can get these hosts blacklisted which blocks 
>> their spam for everyone who uses my blacklists. And - unless you are 
>> huge - you can use my blacklists for free.
>> Here's what an SMTP session to my tarbaby server looks like.
>> telnet 25
>> Trying
>> Connected to
>> Escape character is '^]'.
>> 220 ESMTP Exim 4.68 Wed, 07 May 2008 
>> 08:20:24 -0700
>> helo
>> 250 Hello []
>> mail from:<>
>> 250 OK
>> rcpt
>> 250 Accepted
>> data
>> 451 DEFER - Try a lower numbered MX record - 
>> So - if you are interested all you have to do is set your highest 
>> numbered MX to If you want to know more 
>> about my lists you can read about them here.
>> This is experimental. I'm looking to see what kind of useful data I 
>> can derive from this to see how well it works and if I'll continue it. 
>> Send me a private email if you have any questions.
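
The combination test the quoted post describes (a 451 at DATA on the highest MX, then a timeout instead of QUIT, plus a HELO check), as an added example that is not part of the original thread or Marc Perkel's code. The log format, the HELO rule and the require-every-signal policy are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed decoy-MX log; "<conn> <peer-ip> <event> [arg]" is a hypothetical format.
SAMPLE_LOG = """\
c1 192.0.2.10 HELO mail.example.org
c1 192.0.2.10 DATA
c1 192.0.2.10 451
c1 192.0.2.10 QUIT
c2 198.51.100.7 HELO localhost
c2 198.51.100.7 DATA
c2 198.51.100.7 451
c2 198.51.100.7 TIMEOUT
c3 203.0.113.5 HELO relay.example.com
c3 203.0.113.5 DATA
c3 203.0.113.5 451
c3 203.0.113.5 TIMEOUT
c4 198.51.100.9 HELO 198.51.100.9
c4 198.51.100.9 TIMEOUT
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+)(?: (.*))?$", re.M)

def helo_suspicious(name):
    """Assumed HELO test (the post names none): not a dotted hostname."""
    name = name.strip().lower()
    return name == "localhost" or "." not in name or bool(re.fullmatch(r"[\d.]+", name))

def session_signals(log_text):
    """Return {conn: (peer_ip, {signal: bool})}; malformed lines are skipped."""
    sessions = defaultdict(lambda: {"ip": "", "helo": "", "events": []})
    for m in LINE.finditer(log_text):
        conn, ip, event, arg = m.groups()
        s = sessions[conn]
        s["ip"] = ip
        s["events"].append(event)
        if event in ("HELO", "EHLO"):
            s["helo"] = arg or ""
    out = {}
    for conn, s in sessions.items():
        ev = s["events"]
        # The 451 only counts when it answers DATA, as on the decoy MX.
        deferred = "DATA" in ev and "451" in ev[ev.index("DATA"):]
        out[conn] = (s["ip"], {"deferred_at_data": deferred,
                               "no_quit": deferred and "QUIT" not in ev and ev[-1] == "TIMEOUT",
                               "bad_helo": helo_suspicious(s["helo"])})
    return out

def listing_candidates(log_text):
    """Peers showing every signal; one signal alone is not enough to list."""
    return sorted(ip for ip, sig in session_signals(log_text).values() if all(sig.values()))
```

On the sample, only the `c2` peer is a candidate: `c1` sends QUIT after the deferral, `c3` times out but has a plausible HELO, and `c4` never reaches DATA.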
