Re: How to stop spammers bringing our server down?
- From: "Nigel Cliffe" <me@xxxxxxxxxxx>
- Date: Wed, 7 Nov 2007 09:10:24 -0000
Peter wrote:
"Phil B" <phil.remove.brady@xxxxxxxxxxxxx> wrote
Simple layman's explanation: Most spam generators use very simple
algorithms - usually running on hi-jacked infected PCs. Greylisting
temporarily rejects a first attempt at an email ("I'm very busy so
please try later" response) but remembers the sender/target email
address combination. It continues to reject that combination for
(say) an hour then lets it through. A 'proper' mail sender will
respect that temporary overload, requeue the request, retry and get
through but not a simple spam generator since they will go straight
on to the next victim. There are also efficiency devices built in -
eg if A on your site send email to B then a subsequent incoming B to
A will be accepted immediately. Also, if it has seen B send to A
successfully before, then it lets it through straight away.
Thank you Phil for the explanation.
Yes, I found it interesting and clear.
In fact yahoo accepts the email immediately (I can see that looking at
our smtp server activity when sending an email to yahoo) so they must
be storing them on their server, while looking for IP patterns.
Maybe Yahoo do this sometimes, but I get email through Yahoo (on BTInternet)
in seconds, often from different domains. I can send stuff from my outbound
ISP (Demon) to my Yahoo (BTInternet) account and it is there as fast as I
can click on email client commands.
Maybe the problem only occurs if the email is from an unknown origin, the
vast majority of the legitimate email I receive to my Yahoo (BTinternet)
mail box is from either a couple of mailing lists or from known friends.
Currently I am working on the principle that any registered domain
WILL always get attacked in a big way, and the only thing one can do
is make sure that any usernames are not easily guessed.
This means that while an address like
john.whittington@xxxxxxxxxxxxxxx
is going to be very hard to guess for the spammer and will be just
fine,
sales@xxxxxxxxxxxxxxx
is going to get flooded. Of course,
webmaster@xxxxxxxxxxxxxxx
you can just forget completely :)
But a company needs an address like sales@ to put on its website
(unless you want to rely just on web enquiry forms, which many people
hate) so the approach I am doing there is to use e.g.
sales25@xxxxxxxxxxxxxxx
and since these addresses are used largely just for the initial
contact one can change this address regularly.
The website address is moreover disguised with the usual javascript
methods but it seems that spammers have got around that nowadays. One
could put it up as a graphic and I have done that on some websites but
I think that on a business website it's going too far.
My experience of a .co.uk and .com domain (in place for over a year) is that
Javascript munging seems adequate. I've had around a decade's use of a
..org.uk address with similar protection.
We have fairly simple email addresses, such as inquiries@xxxxxxxxxxxxxxx
etc. However, we don't have "sales@" or "webmaster@".
Unfortunately most companies are just too dumb to do any of this and
as a result email is often not usable for business comms, so it's back
to fax.
Not here; its really rare for any of our clients to use fax. Probably
happened once in the last two years.
- Nigel
--
Nigel Cliffe,
Webmaster at http://www.2mm.org.uk/
.
- References:
- Re: How to stop spammers bringing our server down?
- From: Phil B
- Re: How to stop spammers bringing our server down?
- Prev by Date: Re: Mobile Modems
- Next by Date: Re: Security Alert - Netgear Router
- Previous by thread: Re: How to stop spammers bringing our server down?
- Next by thread: Re: How to stop spammers bringing our server down?
- Index(es):
Relevant Pages
|
