John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
spammer to try every address twice after a 15 minute interval.
Oh come on! It costs the spammer NOTHING to make that adjustment
to his bot net. Its someone else's bandwidth, and someone else's
cpu cycles.
They are reading this list and planning the changes already.
Greylisting has been used now for over 2 years. I haven't seen any
spammer adapt their botnets to handle it in that time frame. Some have
moved to using ISP relays or other unsecured 'real' MTAs, but the
majority live for the one-shot attempt. I do see the same message
(presumably) being tried by multiple compromised PCs (same from/to for
each one, 3 seconds apart or less).
Only a single data point mind you, but I'd say the majority of spammers
haven't bothered to adapt to greylisting. Yet.
