On 9/13/2006 17:37, A.Omer Koker wrote:
>
> On Paul's note about backscatter; Yes it does mean that each brand new
> email meaning those that haven't been white listed will create one reply.
> But my experience is that it's better than loops and zillions of garbage in an
> administrator's mailbox. It also saves you on the potential of false
> positives with anti-spam solutions.
>

During August, more than 80% of the messages presented to our MX host from external sources were rejected or discarded. Roughly half of the remainder were classified as suspected spam. Odds are, the sender addresses on most of those suspect messages were forged.

If your mix resembles ours, you will be sending challenge/response messages to a large number of individuals who never sent anything to anyone in your domain. Those C/R messages are backscatter and there are a number of sites which will block everything from you, if you send backscatter.

At first glance, challenge/response looks like an ideal solution for spam, but it simply does not scale.

You may want to consider greylisting, in combination with other spam-filtering tools. There are several variations, but the basic premise is that a message with a never-before-seen sender/source-IP/recipient triplet will be rejected with a 4xx error. If the sending system is a mail server, it will requeue the message and retry later, something that few, if any, zombies will do. If the triplet reappears within a reasonable time frame, the message is accepted. It is important to use the triplet, rather than just the sender/recipient combination, because you may see the same sender/recipient combination from multiple systems in a zombie network.

--
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
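
The greylisting decision described in the message above, as an added example that is not part of the original post and not any mail server's own code. The 451 reply code, the 300-second minimum delay, the 4-hour retry window and every address are constructed assumptions; the replay compares triplet keys with sender/recipient-only keys.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300        # assumed: seconds before a retry of a new key is accepted
MAX_WINDOW = 4 * 3600  # assumed: the "reasonable time frame" for the retry
TEMPFAIL, ACCEPT = 451, 250  # assumed 4xx code; the message only says "4xx"

@dataclass
class Greylist:
    use_source_ip: bool = True                      # False = sender/recipient only
    first_seen: dict = field(default_factory=dict)  # key -> time of first attempt
    passed: set = field(default_factory=set)        # keys that retried correctly

    def check(self, now, source_ip, sender, recipient):
        """Return the SMTP reply code for one delivery attempt."""
        key = (sender, recipient)
        if self.use_source_ip:
            key = (source_ip,) + key
        if key in self.passed:
            return ACCEPT
        first = self.first_seen.get(key)
        if first is None or now - first > MAX_WINDOW:
            self.first_seen[key] = now  # never seen, or retry came too late
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL             # retried too quickly to be a queue run
        self.passed.add(key)
        return ACCEPT

# Constructed sample: one real mail server that requeues and retries, and three
# zombies that each try once with the same forged sender and recipient.
ATTEMPTS = [
    (0,   "192.0.2.10",   "alice@example.org",  "bob@example.edu"),
    (10,  "198.51.100.1", "forged@example.com", "carol@example.edu"),
    (400, "198.51.100.2", "forged@example.com", "carol@example.edu"),
    (800, "198.51.100.3", "forged@example.com", "carol@example.edu"),
    (900, "192.0.2.10",   "alice@example.org",  "bob@example.edu"),
]

def replay(attempts, use_source_ip):
    """Feed the attempts through a fresh greylist and return the reply codes."""
    greylist = Greylist(use_source_ip=use_source_ip)
    return [greylist.check(*attempt) for attempt in attempts]

if __name__ == "__main__":
    print("triplet key:         ", replay(ATTEMPTS, True))
    print("sender/recipient key:", replay(ATTEMPTS, False))
```

Keyed on the triplet, only the retrying mail server is accepted; keyed on sender/recipient alone, the second and third zombies are treated as retries of the first and get through.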