On 9/13/2006 17:37, A.Omer Koker wrote:
> 
> On Paul's note about backscatter;   Yes it does mean that each brand new
> email meaning those that havent been white listed will create one reply.
> But my experience is that its better then loops and zillions of garbage in a
> administrators mailbox.   It also saves you on the potential of false
> positives with anti-spam solutions. 
> 

During August, more than 80% of the messages presented to our MX host from
external sources were rejected or discarded. Roughly half of the remainder
were classified as suspected spam. Odds are, the sender addresses on most of
those suspect messages were forged. If your mix resembles ours, you will be
sending challenge/response messages to a large number of individuals who never
sent anything to anyone in your domain. Those C/R messages are backscatter and
there are a number of sites which will block everything from you, if you send
backscatter. At first glance, challenge/response looks like an ideal solution
for spam, but it simply does not scale.

You may want to consider greylisting, in combination with other spam-filtering
tools. There are several variations, but the basic premise is that a message
with a never-before-seen sender/source-IP/recipient triplet will be rejected
with a 4xx error. If the sending system is a mail server, it will requeue the
message and retry later, something that few, if any zombies will do. If the
triplet reappears within a reasonable time frame, the message is accepted. It is
important to use the triplet, rather than just the sender/recipient ocmbination,
because you may see the same sender/recipient combination from multiple systems
in a zombie network.

-- 
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
[log in to unmask]