Re: Spam sent via spambots?
From: James Riden <j.riden () massey ac nz>
Date: Mon, 01 Nov 2004 14:38:01 +1300
Nick FitzGerald <nick () virus-l demon co uk> writes:
J.A. Terranson wrote:
And further, does anyone have any idea how to pick apart how much of
that is simply relaying type activity vs. dedicated spam-bot activity?
Does it matter?
Yes, as many of the former are simply due to (legitimate user)
misconfiguration and do not provide any form of backdooring to the
system, whereas the spammers are much more actively involved in
"managing" the latter and can actively update/replace/supplement the
code running on them. Thus the latter are much more likely able to
avoid (or perhaps "survive") "fixing".
Very little spam seems to come from traditional open mail relays these
days. A lot of the stuff I look at has come direct from the spammer
themselves, or from dynamic space, or university resnets.
I can't give accurate statistics though, because we're rejecting mail
at our MXs using sbl-xbl.spamhaus.org, which is specifically designed
to stop this kind of thing in the first place. (Last time I checked,
XBL was a composite of CBL, http://cbl.abuseat.org/ and OPM, an open
proxy list - see http://www.spamhaus.org/xbl )
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
Full-Disclosure - We believe in it.