On Feb 20, 2007, at 11:54 AM, Theo de Raadt wrote:

In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial.  Unless my understanding is very wrong, the whole
effectiveness of the solution depends on the spammers not realizing
the difference between a "normal" MTA and one that greylists.

If a spammer knows I am running spamd because he can detect it, and
then disconnects, no spam makes it through -- no spam is delivered.
There is no workaround for the spammer, except to act as a regular
"follow the RFC, and retry", which most of the spammers don't do (and
which we want them to do, since then they are easier to fight).

In fact, there are spammers who ARE noticing that greylisting servers
look (or behave) different, and they are disconnecting and not sending
spam through them.  Thus, no spam is delivered.

But you don't get it, do you?  Stopping spam from being delivered is
the reason for doing all this in the first place!  You have it
entirely backwards.

I think you had better book yourself into a course on logical
thinking.

To clarify a bit, I was referring to the greylisting portion. If the spammer attempts their delivery again, they're considered "proper MTA" and therefore "not a spammer", correct? True, once they're going to spamd it's too late (I guess this is the case if a DNSBL is being used to just skip the whole greylisting step?).

I haven't looked at the implementation in OpenBSD extensively, but at a basic level there are two portions, the greylist function, and the "waste their time" function, yes? I'm talking about bypassing the first, not the second.

Even in the second case, if the spammer notices they're connecting to something that will waste their (bot's) time, they can simply disconnect and use the bot's resources to do something else. Not that the spammers really care about wasting resources *that* much since they don't have to pay for them (or very little for a bot herd compared to "bulletproof hosting"), but it could make them a little more efficient.

The history of fighting spam has tended to show that if any form of combating spam becomes too effective (and wide-spread), spammers will invest effort figuring out how to defeat it.

Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"
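
The greylisting step both posters are arguing about, as an added example (not part of the original messages and not spamd's own code): a minimal model showing that a sender who disconnects or never retries delivers nothing, while a sender who retries after the delay is treated as a regular MTA. The class and function names, the addresses and the two timing constants are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PASS_TIME = 25 * 60      # assumed: minimum wait before a retry is accepted (seconds)
GREY_EXPIRY = 4 * 3600   # assumed: a pending tuple is forgotten after this long

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> first-seen time
    whitelist: set = field(default_factory=set)   # IPs that retried correctly

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        if ip in self.whitelist:
            return "250 accept"
        key = (ip, sender, rcpt)
        first = self.pending.get(key)
        if first is None or now - first > GREY_EXPIRY:
            self.pending[key] = now          # first sighting or stale entry: start the clock
            return "451 tempfail"
        if now - first < PASS_TIME:
            return "451 tempfail"            # retried too quickly: still deferred
        del self.pending[key]
        self.whitelist.add(ip)               # behaved like a queueing MTA
        return "250 accept"

def simulate(attempt_times, ip="192.0.2.10"):
    """Replay constructed attempt times (seconds) for one sender; return the replies."""
    gl = Greylist()
    return [gl.check(ip, "a@example.org", "b@example.net", t) for t in attempt_times]

if __name__ == "__main__":
    print("no retry:      ", simulate([0]))
    print("hammering:     ", simulate([0, 60, 120]))
    print("queued retry:  ", simulate([0, 30 * 60]))
    print("retry too late:", simulate([0, 5 * 3600]))
```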
