[Dshield] Spam blocking validation

Tony Earnshaw tericssonearnshaw at barlaeus.nl
Tue Aug 22 05:43:03 GMT 2006


On Mon, 21.08.2006 at 18:33 (-0400), Jon R. Kibler wrote:

[...]

> The single biggest complaint that we get is that someone's email is being blocked (rejected) because of DNS issues on the sender's end. These result in about 0.05% false positives. (Solution: whitelist)
> 
> 
> > 3) We experience waves of spam increase the spam messages a user receives
> > exponentially over a few days. I imagine these bursts are due to outbreaks
> > of new zombie malware -- is that a reasonable idea?
> 
> One possibility. Another is that most spammers don't send continuously... they send in waves. Zombies make it easier and faster to blast out spam when there is a spam run.
> 
> At least that is my opinion.

Very good analysis, I can confirm and can't better far and away most of
it (speaking as prof mailadmin with several years' experience).

As to point 3, I'd add that my experience is that most spammer software
c.q. malware from zombies is so dilettantishly and naïvely designed
that it should be easy to filter, moreover it hardly ever changes or
improves. Professional spammer outfits (using fully-conformant RFC MTAs)
are on the increase but they should also be easy to ban/filter out
before receipt.

--Tonni

-- 
Tony Earnshaw
reservebergenser :)


