Spammers operate on the premise that lots of stupid people read email.  For 
example, only stupid people would actually respond to an offer to sell 
medications, from a service that does not spell the product name correctly 
(they are either too stupid to recognize the deviant spelling even though the 
correct version is all over TV and magazines, or too stupid to realize it means 
the offeror is ethics-challenged).  But these offers are getting responses, or 
the spammers would not keep sending them.

The spammers are spending other people's money, since much of their "work" is 
done by hijacked machines; thus they do not care how 'expensive' their project 
might be, and any responses they do get are practically pure profit.  So to 
probe a million targets and find even one vulnerable is "worth the trouble" 
since it is not their own trouble.

The flaw in your logic is that you are thinking logically, working from the 
premise that any intelligent administrator (such as yourself) would never 
create a machine that is susceptible to this particular attack.  Maybe YOUR 
server is not a viable avenue for the spammer, but there are SO many servers 
out there - finding a few that ARE viable is almost a certainty, since some 
people who connect systems to the internet are not so well-informed as we here.

I believe that until a technique is discovered to eliminate ignorance and 
gullibility from the human population, there will be no solution to the spam 
problem. 

>>> Christopher Bort <[EMAIL PROTECTED]> 07/21/08 3:30 PM >>>
This is really not a SpamAssassin issue, but since this list is populated by 
people who are interested in spammer behavior, I'm throwing it out for comment. 
If it's too far off topic, my apologies and I'll let it go at that.

At $DAYJOB I run a mail server and a name server for several domains, both our 
own and for clients. At home, I run a mail server and a name server for a 
couple of personal domains. The home name server is a slave for most of the 
domains hosted at $DAYJOB. The home mail server is _not_ configured to handle 
mail for any of the $DAYJOB domains and it is _not_ an MX for any of those 
domains. The only connection is that it is an NS for the $DAYJOB domains. These 
domains _do_ have the $DAYJOB mail server as their MX.

For a while now, I've been seeing attempts to send mail to the home server for 
addresses in $DAYJOB domains. This is not a problem since the volume is low and 
they are being properly rejected as third-party relay attempts (authentication 
required - relay not permitted). However, the fact that someone is apparently 
trying to send mail to an NS instead of an existing MX has piqued my curiosity. 
It looks like it's all spam (the sender addresses tend to support that). So, 
has anyone else seen this sort of behavior and what could be the rationale for 
trying to deliver mail to an NS like this?

-- 
Christopher Bort
<[EMAIL PROTECTED]>
<http://www.thehundredacre.net/>
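
As an added example (not part of the original thread): one way to confirm the pattern described in the original message is to tally rejected relay attempts whose recipient domain lists this host as an NS but not as an MX. The host name, zone data and log format below are constructed assumptions and do not reflect any real MTA's output.

```python
import re
from collections import Counter

# Constructed values for illustration; none come from the thread.
THIS_HOST = "ns2.home.example"
ZONES = {  # domain -> records as published in DNS (hypothetical)
    "client-one.example": {"NS": ["ns1.dayjob.example", "ns2.home.example"],
                           "MX": ["mail.dayjob.example"]},
    "personal.example":   {"NS": ["ns2.home.example"],
                           "MX": ["ns2.home.example"]},
}
# Constructed log lines in a made-up format (not any real MTA's).
LOG = """\
2008-07-21T15:02:11 reject=relay-denied client=192.0.2.10 from=<x1@spam.example> to=<info@client-one.example>
2008-07-21T15:04:40 reject=relay-denied client=192.0.2.77 from=<x2@spam.example> to=<Sales@Client-One.example>
2008-07-21T15:09:03 reject=relay-denied client=198.51.100.5 from=<x3@spam.example> to=<bob@unrelated.example>
2008-07-21T15:10:00 accept client=203.0.113.9 from=<friend@ok.example> to=<me@personal.example>
malformed line without fields
"""
LINE = re.compile(
    r"reject=relay-denied client=(\S+) from=<[^>]*> to=<[^@>]+@([^>]+)>")

def classify(domain, host=THIS_HOST, zones=ZONES):
    """Return how `host` relates to `domain`: 'ns-only', 'mx' or 'unrelated'."""
    rec = zones.get(domain.lower().rstrip("."))
    if rec is None:
        return "unrelated"
    if host in rec["MX"]:
        return "mx"
    return "ns-only" if host in rec["NS"] else "unrelated"

def ns_targeted(log=LOG):
    """Count rejected relay attempts per (domain, client) where this host
    is an NS for the recipient domain but not one of its MX hosts."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # accepted mail or unparsable line
        client, domain = m.group(1), m.group(2).lower()
        if classify(domain) == "ns-only":
            hits[(domain, client)] += 1
    return hits

if __name__ == "__main__":
    for (domain, client), n in sorted(ns_targeted().items()):
        print(f"{domain}\t{client}\t{n}")
```

Rejections for domains classified as `unrelated` are ordinary open-relay probes; only the `ns-only` rows match the NS-instead-of-MX behaviour asked about.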

