comment on the spam situation this and next year...

Discussion in 'NZ Computing' started by thingy, Dec 8, 2006.

  1. thingy

    thingy Guest

    thingy, Dec 8, 2006
    #1
    1. Advertising

  2. thingy

    Enkidu Guest

    thingy wrote:
    > http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >
    > I find it interesting that few mention grey listing, yet it is highly
    > effective. Of course these are marketing sound bites from companies
    > floging anti-spam products/services.....
    >

    Grey-listing is a terrible idea that creates extra load on already
    stressed mail servers, and which won't take long for SPAMmers to
    circumvent anyway. If grey-listing becomes prevalent then SPAMmers will
    just adjust their armies of bots to try several times, just like a
    legitimate SMTP server would.

    Grey-listing can result in two or three or more attempts to deliver
    email, depending on the clash between retry parameters that the two ends
    of the link decide upon. It's common for a SMTP server to contact a
    grey-listing site, try up to three or four times to deliver a message,
    only to then get refused for some other reason.

    People have unreal expectations of email. They expect it to be delivered
    almost instantly. Try explaining to the CEO's PA that her important
    email won't get delivered for maybe an hour because some 'soul with an
    R' grey-listed her email.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Dec 8, 2006
    #2
    1. Advertising

  3. In message <4579e7d6$>, Enkidu wrote:

    > It's common for a SMTP server to contact a
    > grey-listing site, try up to three or four times to deliver a message,
    > only to then get refused for some other reason.


    What sort of other reason?
     
    Lawrence D'Oliveiro, Dec 9, 2006
    #3
  4. thingy

    Philip Guest

    Enkidu wrote:
    > thingy wrote:
    >> http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >>
    >> I find it interesting that few mention grey listing, yet it is highly
    >> effective. Of course these are marketing sound bites from companies
    >> floging anti-spam products/services.....
    >>

    > Grey-listing is a terrible idea that creates extra load on already
    > stressed mail servers, and which won't take long for SPAMmers to
    > circumvent anyway. If grey-listing becomes prevalent then SPAMmers will
    > just adjust their armies of bots to try several times, just like a
    > legitimate SMTP server would.
    >
    > Grey-listing can result in two or three or more attempts to deliver
    > email, depending on the clash between retry parameters that the two ends
    > of the link decide upon. It's common for a SMTP server to contact a
    > grey-listing site, try up to three or four times to deliver a message,
    > only to then get refused for some other reason.
    >
    > People have unreal expectations of email. They expect it to be delivered
    > almost instantly. Try explaining to the CEO's PA that her important
    > email won't get delivered for maybe an hour because some 'soul with an
    > R' grey-listed her email.
    >
    > Cheers,
    >
    > Cliff
    >

    I wonder if there is not a case for law enforcement agencies worldwide
    to work, perhaps through an agency like Interpol, to identify the actual
    beneficiaries of spam - the people that will receive the money.

    It shouldn't be that difficult to create a list of organisations that
    could be subject to blocking orders banning them from receiving payment
    though Visa,Mastercard and PayPal.

    That would kill the penis patch/ porno video/ duff homeloan /weird and
    illegal pharmaceuticals pushers dead in their tracks. No dosh, no
    return, go rob a gas station.

    The share pump'n'dumpers need a different approach. Create an
    international list of dodgy mining / computer / electricity well
    companies. Legislate (or regulate, which is better) in the co-operating
    countries to criminalise all trading in their shares, and have them
    struck out from the markets.

    It would be much more effective than the War Against Moisture at the
    airport.

    Philip
     
    Philip, Dec 9, 2006
    #4
  5. thingy

    jasen Guest

    On 2006-12-09, Lawrence D'Oliveiro <_zealand> wrote:
    > In message <4579e7d6$>, Enkidu wrote:
    >
    >> It's common for a SMTP server to contact a
    >> grey-listing site, try up to three or four times to deliver a message,
    >> only to then get refused for some other reason.

    >
    > What sort of other reason?


    server too busy, bad address, mailbox full, surely you've had bounced email before.



    --

    Bye.
    Jasen
     
    jasen, Dec 9, 2006
    #5
  6. In message <eldf8t$b25$-a-geek.org>, jasen wrote:

    > On 2006-12-09, Lawrence D'Oliveiro <_zealand>
    > wrote:
    >
    >> In message <4579e7d6$>, Enkidu wrote:
    >>
    >>> It's common for a SMTP server to contact a
    >>> grey-listing site, try up to three or four times to deliver a message,
    >>> only to then get refused for some other reason.

    >>
    >> What sort of other reason?

    >
    > server too busy, bad address, mailbox full, surely you've had bounced
    > email before.


    But those are all reasons why the mail would have failed to be delivered
    anyway, greylisting didn't make any difference.
     
    Lawrence D'Oliveiro, Dec 9, 2006
    #6
  7. thingy

    thingy Guest

    Enkidu wrote:
    > thingy wrote:
    >> http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >>
    >> I find it interesting that few mention grey listing, yet it is highly
    >> effective. Of course these are marketing sound bites from companies
    >> floging anti-spam products/services.....
    >>

    > Grey-listing is a terrible idea that creates extra load on already
    > stressed mail servers, and which won't take long for SPAMmers to
    > circumvent anyway.


    People have been saying that for 2 years+ it has not happened yet.
    Spammers have circumvented any other method eg image spam and document
    spam. Yet grey listing has not been defeated. The botnets are built for
    speed greylisting will force them to re-try, the overhead for that means
    less psma per hour and some decent re-writes of their code.

    If grey-listing becomes prevalent then SPAMmers will
    > just adjust their armies of bots to try several times, just like a
    > legitimate SMTP server would.


    You could say the same about any other anti-spam technology.

    > Grey-listing can result in two or three or more attempts to deliver
    > email,


    Only the first time and then you can white list.

    depending on the clash between retry parameters that the two ends
    > of the link decide upon.


    If the servers are overloaded with spam that happens anyway.

    It's common for a SMTP server to contact a
    > grey-listing site, try up to three or four times to deliver a message,
    > only to then get refused for some other reason.
    >
    > People have unreal expectations of email. They expect it to be delivered
    > almost instantly. Try explaining to the CEO's PA that her important
    > email won't get delivered for maybe an hour because some 'soul with an
    > R' grey-listed her email.


    or explain to her spending another 50k on on another 2 email servers
    cause the two we have are now being overloaded several times an hour by
    distributed spam.

    > Cheers,
    >
    > Cliff


    Sorry your arguments lacks any weight, mine are based on successful
    deployment.

    Add in that even if grey listing works for another year before it is
    defeated, that is a year of way less spam.

    regards

    Thing
     
    thingy, Dec 9, 2006
    #7
  8. thingy

    thingy Guest

    Lawrence D'Oliveiro wrote:
    > In message <eldf8t$b25$-a-geek.org>, jasen wrote:
    >
    >> On 2006-12-09, Lawrence D'Oliveiro <_zealand>
    >> wrote:
    >>
    >>> In message <4579e7d6$>, Enkidu wrote:
    >>>
    >>>> It's common for a SMTP server to contact a
    >>>> grey-listing site, try up to three or four times to deliver a message,
    >>>> only to then get refused for some other reason.
    >>> What sort of other reason?

    >> server too busy, bad address, mailbox full, surely you've had bounced
    >> email before.

    >
    > But those are all reasons why the mail would have failed to be delivered
    > anyway, greylisting didn't make any difference.


    like duh...

    I agree, and its probably down to the server having to process all that
    spam, or the mailbox being full of spam and well a bad address is a bad
    address....that is not the fault of the receiving server and user, that
    is down to typos by the sender.

    regards

    Thing
     
    thingy, Dec 9, 2006
    #8
  9. thingy

    thingy Guest

    jasen wrote:
    > On 2006-12-09, Lawrence D'Oliveiro <_zealand> wrote:
    >> In message <4579e7d6$>, Enkidu wrote:
    >>
    >>> It's common for a SMTP server to contact a
    >>> grey-listing site, try up to three or four times to deliver a message,
    >>> only to then get refused for some other reason.

    >> What sort of other reason?

    >
    > server too busy, bad address, mailbox full, surely you've had bounced email before.
    >
    >
    >


    This is nothing to do with grey-listing and frequently to do with spam.

    regards

    Thing
     
    thingy, Dec 9, 2006
    #9
  10. thingy

    thingy Guest

    Philip wrote:
    > Enkidu wrote:
    >> thingy wrote:
    >>> http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >>>
    >>>
    >>> I find it interesting that few mention grey listing, yet it is highly
    >>> effective. Of course these are marketing sound bites from companies
    >>> floging anti-spam products/services.....
    >>>

    >> Grey-listing is a terrible idea that creates extra load on already
    >> stressed mail servers, and which won't take long for SPAMmers to
    >> circumvent anyway. If grey-listing becomes prevalent then SPAMmers
    >> will just adjust their armies of bots to try several times, just like
    >> a legitimate SMTP server would.
    >>
    >> Grey-listing can result in two or three or more attempts to deliver
    >> email, depending on the clash between retry parameters that the two
    >> ends of the link decide upon. It's common for a SMTP server to contact
    >> a grey-listing site, try up to three or four times to deliver a
    >> message, only to then get refused for some other reason.
    >>
    >> People have unreal expectations of email. They expect it to be
    >> delivered almost instantly. Try explaining to the CEO's PA that her
    >> important email won't get delivered for maybe an hour because some
    >> 'soul with an R' grey-listed her email.
    >>
    >> Cheers,
    >>
    >> Cliff
    >>

    > I wonder if there is not a case for law enforcement agencies worldwide
    > to work, perhaps through an agency like Interpol, to identify the actual
    > beneficiaries of spam - the people that will receive the money.
    >
    > It shouldn't be that difficult to create a list of organisations that
    > could be subject to blocking orders banning them from receiving payment
    > though Visa,Mastercard and PayPal.
    >
    > That would kill the penis patch/ porno video/ duff homeloan /weird and
    > illegal pharmaceuticals pushers dead in their tracks. No dosh, no
    > return, go rob a gas station.
    >
    > The share pump'n'dumpers need a different approach. Create an
    > international list of dodgy mining / computer / electricity well
    > companies. Legislate (or regulate, which is better) in the co-operating
    > countries to criminalise all trading in their shares, and have them
    > struck out from the markets.
    >
    > It would be much more effective than the War Against Moisture at the
    > airport.
    >
    > Philip
    >



    given the pedophiles, heroine drug runners and other serious low life, I
    cannot see Interpol spending tie on spam......dont think I'd want to either.

    regards

    Thing
     
    thingy, Dec 9, 2006
    #10
  11. thingy

    Enkidu Guest

    Lawrence D'Oliveiro wrote:
    > In message <eldf8t$b25$-a-geek.org>, jasen wrote:
    >
    >> On 2006-12-09, Lawrence D'Oliveiro <_zealand>
    >> wrote:
    >>
    >>> In message <4579e7d6$>, Enkidu wrote:
    >>>
    >>>> It's common for a SMTP server to contact a
    >>>> grey-listing site, try up to three or four times to deliver a message,
    >>>> only to then get refused for some other reason.
    >>> What sort of other reason?

    >> server too busy, bad address, mailbox full, surely you've had bounced
    >> email before.

    >
    > But those are all reasons why the mail would have failed to be delivered
    > anyway, greylisting didn't make any difference.
    >

    Grey listing normally happens before delivery is tried by the receiving
    server to the recipient mailbox. Hence "no account" and "relay not
    permitted" do not happen until the mail is first accepted by the server.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Dec 9, 2006
    #11
  12. thingy

    Enkidu Guest

    thingy wrote:
    > Enkidu wrote:
    >> thingy wrote:
    >>> http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >>>
    >>>
    >>>
    >>> I find it interesting that few mention grey listing, yet it is
    >>> highly effective. Of course these are marketing sound bites from
    >>> companies floging anti-spam products/services.....
    >>>

    >> Grey-listing is a terrible idea that creates extra load on already
    >> stressed mail servers, and which won't take long for SPAMmers to
    >> circumvent anyway.

    >
    > People have been saying that for 2 years+ it has not happened yet.
    > Spammers have circumvented any other method eg image spam and
    > document spam. Yet grey listing has not been defeated. The botnets
    > are built for speed greylisting will force them to re-try, the
    > overhead for that means less psma per hour and some decent re-writes
    > of their code.
    >

    That's because grey-listing is not prevalent yet. If it does become
    prevalent then the code changes will be made. Bots are already being
    re-written for challenge-response and a few emails make it through that
    and all the other defences I have.
    >
    >> If grey-listing becomes prevalent then SPAMmers will just adjust
    >> their armies of bots to try several times, just like a legitimate
    >> SMTP server would.

    >
    > You could say the same about any other anti-spam technology.
    >

    I don't deny that. It's an arms-race.
    >
    >> Grey-listing can result in two or three or more attempts to deliver
    >> email,

    >
    > Only the first time and then you can white list.
    >

    This is true, but irrelevant. An individual may send to a server and
    then get white-listed. Another user from the same server sending to the
    same or a different user on that server has to go through the same
    process. Grey-listing works on a user to user basis, not a server to
    server basis.
    >
    > depending on the clash between retry parameters that the two ends
    >> of the link decide upon.

    >
    > If the servers are overloaded with spam that happens anyway.
    >

    Agreed but grey-listing forces this process on *all* servers that try to
    contact they grey-listing server. The pattern is quite clear and
    different to the pattern of an overloaded server.
    >
    > It's common for a SMTP server to contact a
    >> grey-listing site, try up to three or four times to deliver a
    >> message, only to then get refused for some other reason.
    >>
    >> People have unreal expectations of email. They expect it to be
    >> delivered almost instantly. Try explaining to the CEO's PA that her
    >> important email won't get delivered for maybe an hour because some
    >> 'soul with an R' grey-listed her email.

    >
    > or explain to her spending another 50k on on another 2 email servers
    > cause the two we have are now being overloaded several times an hour
    > by distributed spam.
    >
    > Sorry your arguments lacks any weight, mine are based on successful
    > deployment.
    >
    > Add in that even if grey listing works for another year before it is
    > defeated, that is a year of way less spam.
    >

    You will find that your servers are going to be blocked by people when
    they discover that you are using grey-listing. It's easy to spot. When I
    was a mail admin I blocked several.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Dec 9, 2006
    #12
  13. thingy

    thingy Guest

    Enkidu wrote:
    > thingy wrote:
    >> Enkidu wrote:
    >>> thingy wrote:
    >>>> http://www.informationweek.com/news/showArticle.jhtml?articleID=196602463
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> I find it interesting that few mention grey listing, yet it is
    >>>> highly effective. Of course these are marketing sound bites from
    >>>> companies floging anti-spam products/services.....
    >>>>
    >>> Grey-listing is a terrible idea that creates extra load on already
    >>> stressed mail servers, and which won't take long for SPAMmers to
    >>> circumvent anyway.

    >>
    >> People have been saying that for 2 years+ it has not happened yet.
    >> Spammers have circumvented any other method eg image spam and
    >> document spam. Yet grey listing has not been defeated. The botnets
    >> are built for speed greylisting will force them to re-try, the
    >> overhead for that means less psma per hour and some decent re-writes
    >> of their code.
    >>

    > That's because grey-listing is not prevalent yet. If it does become
    > prevalent then the code changes will be made. Bots are already being
    > re-written for challenge-response and a few emails make it through that
    > and all the other defences I have.
    >>
    >>> If grey-listing becomes prevalent then SPAMmers will just adjust
    >>> their armies of bots to try several times, just like a legitimate
    >>> SMTP server would.


    Yes, but at present they dont, also they will suffer a speed drop...I am
    not saying only grey-list, it is one good method at present.

    >>
    >> You could say the same about any other anti-spam technology.
    >>

    > I don't deny that. It's an arms-race.


    So we use grey-listing for 1 maybe 3 years maybe more. Lots of people
    especially MS admins do not and probably never will use it...

    >>> Grey-listing can result in two or three or more attempts to deliver
    >>> email,

    >>
    >> Only the first time and then you can white list.
    >>

    > This is true, but irrelevant. An individual may send to a server and
    > then get white-listed. Another user from the same server sending to the
    > same or a different user on that server has to go through the same
    > process.


    You must have used/seen a crude system. On "better" ones you set 127.
    and local IP nets to permanent white list so local users do not get
    slowed at all.

    Grey-listing works on a user to user basis, not a server to
    > server basis.


    Some might, the ones I have tried do not.

    >> depending on the clash between retry parameters that the two ends
    >>> of the link decide upon.

    >>
    >> If the servers are overloaded with spam that happens anyway.
    >>

    > Agreed but grey-listing forces this process on *all* servers that try to
    > contact they grey-listing server. The pattern is quite clear and
    > different to the pattern of an overloaded server.


    So does overloading, if the server is overloaded all servers try and re-try.

    >> It's common for a SMTP server to contact a
    >>> grey-listing site, try up to three or four times to deliver a
    >>> message, only to then get refused for some other reason.
    >>>
    >>> People have unreal expectations of email. They expect it to be
    >>> delivered almost instantly. Try explaining to the CEO's PA that her
    >>> important email won't get delivered for maybe an hour because some
    >>> 'soul with an R' grey-listed her email.

    >>
    >> or explain to her spending another 50k on on another 2 email servers
    >> cause the two we have are now being overloaded several times an hour
    >> by distributed spam.
    > >
    >> Sorry your arguments lacks any weight, mine are based on successful
    >> deployment.
    > >
    >> Add in that even if grey listing works for another year before it is
    >> defeated, that is a year of way less spam.
    >>

    > You will find that your servers are going to be blocked by people when
    > they discover that you are using grey-listing. It's easy to spot. When I
    > was a mail admin I blocked several.


    I have no problem with people doing that, they can explain to their
    users why they cannot get our mail. If my users complain I just tell
    them the remote site is blocking us.

    Several servers like yahoo, hotmail, msn block us now as lots of our
    users forward on, spam et al...so less forwarding might actually see a
    better system response overall.

    Also my experience with remote smtp admins is pretty low at present, ie
    most seem in-capable of even running a basic smtp service properly let
    alone try something as "advanced" as a manual block.

    > Cheers,
    >
    > Cliff
    >


    regards

    Thing
     
    thingy, Dec 10, 2006
    #13
  14. thingy

    Enkidu Guest

    thingy wrote:
    >
    >>>> If grey-listing becomes prevalent then SPAMmers will just
    >>>> adjust their armies of bots to try several times, just like a
    >>>> legitimate SMTP server would.

    >
    > Yes, but at present they dont, also they will suffer a speed drop...I
    > am not saying only grey-list, it is one good method at present.
    >

    Bots don't care about speed. In fact some of them slow down so that the
    users doesn't become aware that they are infected, I've read. But
    currently bots don't try to get around greylisting that way for far as I
    know.
    >
    >>>
    >>> You could say the same about any other anti-spam technology.
    >>>

    >> I don't deny that. It's an arms-race.

    >
    > So we use grey-listing for 1 maybe 3 years maybe more. Lots of people
    > especially MS admins do not and probably never will use it...
    >
    >>>> Grey-listing can result in two or three or more attempts to
    >>>> deliver email,
    >>>
    >>> Only the first time and then you can white list.
    >>>

    >> This is true, but irrelevant. An individual may send to a server
    >> and then get white-listed. Another user from the same server
    >> sending to the same or a different user on that server has to go
    >> through the same process.

    >
    > You must have used/seen a crude system. On "better" ones you set 127.
    > and local IP nets to permanent white list so local users do not get
    > slowed at all.
    >
    >> Grey-listing works on a user to user basis, not a server to server
    >> basis.

    >
    > Some might, the ones I have tried do not.
    >

    ? The whole basis of greylisting is envelope sender, envelope recipient
    and IP address. I don't know how it would work otherwise.
    >
    >>> depending on the clash between retry parameters that the two ends
    >>>
    >>>
    >>>
    >>>
    >>>> of the link decide upon.
    >>>
    >>> If the servers are overloaded with spam that happens anyway.
    >>>

    >> Agreed but grey-listing forces this process on *all* servers that
    >> try to contact they grey-listing server. The pattern is quite clear
    >> and different to the pattern of an overloaded server.

    >
    > So does overloading, if the server is overloaded all servers try and
    > re-try.
    >

    Which results in a total difference pattern and is understandable. With
    greylisting the load is still there either in the processing of
    greylists on the receiver on in the spool and in the extra processing on
    the sender.

    Greylisting does not really hurt the SPAMmers, but it sure hurts the
    legitimate senders! I've seen it happen! Someone out there implements
    greylisting and suddenly my spool increases in size dramatically.
    >
    >>>
    >>> Add in that even if grey listing works for another year before it
    >>> is defeated, that is a year of way less spam.
    >>>

    >> You will find that your servers are going to be blocked by people
    >> when they discover that you are using grey-listing. It's easy to
    >> spot. When I was a mail admin I blocked several.

    >
    > I have no problem with people doing that, they can explain to their
    > users why they cannot get our mail. If my users complain I just tell
    > them the remote site is blocking us.
    >

    Do you explain to them why? Do you explain that the reason is that YOUR
    site is causing US problems. It may reduce the SPAM load on your
    servers, but on the sending server it uses a LOT more resources.
    >
    > Several servers like yahoo, hotmail, msn block us now as lots of our
    > users forward on, spam et al...so less forwarding might actually see
    > a better system response overall.
    >
    > Also my experience with remote smtp admins is pretty low at present,
    > ie most seem in-capable of even running a basic smtp service properly
    > let alone try something as "advanced" as a manual block.
    >

    ? It is merely a matter of editting a file. Though I'd agree that there
    are a lot of mis-configured mail servers out there.

    Where greylisting really hurts is if you relay for someone (say you are
    hosting their site www.travelnzforcheap.com and as a service you relay
    all mail to to their @smallcompany.co.nz
    mailbox). You have to hold the mail for them on your server for an hour
    or more. And there's no easy way of doing anything about it!

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Dec 10, 2006
    #14
  15. In message <>, Enkidu wrote:

    > Greylisting does not really hurt the SPAMmers, but it sure hurts the
    > legitimate senders! I've seen it happen! Someone out there implements
    > greylisting and suddenly my spool increases in size dramatically.


    Please explain how that can happen, just from one recipient implementing
    greylisting.
     
    Lawrence D'Oliveiro, Dec 10, 2006
    #15
  16. thingy

    thingy Guest

    Enkidu wrote:
    8><-------

    of the link decide upon.
    >>>>
    >>>> If the servers are overloaded with spam that happens anyway.
    >>>>
    >>> Agreed but grey-listing forces this process on *all* servers that try
    >>> to contact they grey-listing server. The pattern is quite clear
    >>> and different to the pattern of an overloaded server.

    >>
    >> So does overloading, if the server is overloaded all servers try and
    >> re-try.
    >>

    > Which results in a total difference pattern and is understandable. With
    > greylisting the load is still there either in the processing of
    > greylists on the receiver on in the spool and in the extra processing on
    > the sender.
    >
    > Greylisting does not really hurt the SPAMmers, but it sure hurts the
    > legitimate senders!


    I do not agree, grey-listing stops a huge % of spam, that hurts
    spammers. In terms of cost our options are coming down to 2 new MX
    servers, so doubling our front end...so it hurts us, we just blew $50k
    to deal wit spam.

    I've seen it happen! Someone out there implements
    > greylisting and suddenly my spool increases in size dramatically.


    Given the size of disks these days a few gig in the spool is no biggee.
    Once the site is whitelisted no change, in fact a white listed site is
    going to fair better as it gets its legit email through while spam is
    stopped.

    >>>> Add in that even if grey listing works for another year before it
    >>>> is defeated, that is a year of way less spam.
    >>>>
    >>> You will find that your servers are going to be blocked by people
    >>> when they discover that you are using grey-listing. It's easy to
    >>> spot. When I was a mail admin I blocked several.

    >>
    >> I have no problem with people doing that, they can explain to their
    >> users why they cannot get our mail. If my users complain I just tell
    >> them the remote site is blocking us.
    >>

    > Do you explain to them why? Do you explain that the reason is that YOUR
    > site is causing US problems. It may reduce the SPAM load on your
    > servers, but on the sending server it uses a LOT more resources.


    I dont understand this one, the sending server is purely smtp (sendmail)
    so takes diddly squat resources to send normal quantities of email (like
    say 2~3 per second). The resource hit is in the spam processing on the
    incoming servers. Example, I could run the outgoing smtp service as a
    single Dell 1850 with 4 gig of ram, it gets to 0.1 load....(I actually
    run 2 for redundancy) they never sweat. On the incoming I have a Dell
    2850 and a Dell 6850 and I am looking at 2 Dell 1955 Blades to cope for
    2007....

    >> Several servers like yahoo, hotmail, msn block us now as lots of our
    >> users forward on, spam et al...so less forwarding might actually see a
    >> better system response overall.
    >>
    >> Also my experience with remote smtp admins is pretty low at present,
    >> ie most seem in-capable of even running a basic smtp service properly
    >> let alone try something as "advanced" as a manual block.
    >>

    > ? It is merely a matter of editting a file. Though I'd agree that there
    > are a lot of mis-configured mail servers out there.


    Lots of Governmental ones as well.

    > Where greylisting really hurts is if you relay for someone (say you are
    > hosting their site www.travelnzforcheap.com and as a service you relay
    > all mail to to their @smallcompany.co.nz
    > mailbox). You have to hold the mail for them on your server for an hour
    > or more. And there's no easy way of doing anything about it!


    At what 40k each? say a few hundred emails? so you have absorbed 4~20
    meg of spool. Yo can also white list rceipient I think so in effect you
    could let that one email to destination through no matter what the content.

    Also I am playing with the greylist times, 58 mins stops botnets
    dead....I did an allow for an immediate retry and still got a good stop
    rate....looking at say 5~15 mins ideally...

    > Cheers,
    >
    > Cliff


    Step back a moment and look at the overall system...

    I spend time nurse maiding the smtp stuff, my co-workers time on the
    exchange servers. We are adding San disks at 2.5k a pop to deal with the
    increased size and amount of spam the gets through un-tagged as its
    image spam. We have to have mailbox limits as otherwise people have 3gig
    of mail stored, so we quota it....then they do as they normally do and
    are off about for a few weeks, result their inbox overloads and the
    legit email is rejected, while their email inbox is full of spam....it
    costs lots not to stop it at the border.....

    Yes its an arms race and at the moment grey-listing is the most highly
    effective single way Ive found to stop spam.

    regards

    Thing
     
    thingy, Dec 10, 2006
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C A Preston

    Spam-Spam and more Spam

    C A Preston, Apr 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    747
    Hywel
    Apr 12, 2004
  2. W
    Replies:
    8
    Views:
    424
    Plato
    Apr 3, 2006
  3. Clwddncr
    Replies:
    6
    Views:
    820
    Dave - Dave.net.nz
    Feb 7, 2005
  4. Replies:
    2
    Views:
    2,923
    Thrill5
    Mar 17, 2008
  5. smolderingwick

    2 year AAS degree (w/certs) vs. 4 year CIS degree

    smolderingwick, Feb 6, 2011, in forum: Microsoft Certification
    Replies:
    0
    Views:
    1,980
    smolderingwick
    Feb 6, 2011
Loading...

Share This Page