minor list changes
Tom Jennings
tomj at wps.com
Mon Mar 7 11:00:49 CST 2005
> Tom wrote:
>> The exploit is based upon the fact that the destination host
>> rejects unknown users; MX backups, not having that information,
>> generally accept *@domain, so the spammer hack is to find the
>> n>0th MX host, and queue it all up there. Spreads the load.
On Mon, 7 Mar 2005, Eric Smith wrote:
> I don't see how it "spreads the load" or how the spammer benefits
> in any way. The spammer wants to get the spam to as many valid
> email addresses as possible, but sending to the backup MX doesn't
> get it to more valid email addresses, and it doesn't reduce the
> load on the spammer's sending machine.
I believe spammers get paid to deliver N messages, where N is as
large as possible. The accuracy of spam email lists is probably
low; I doubt the deliverers are in the business of vetting quality
and it would take too long. Getting a connection open and the mail
sent and themselves paid is the short-term goal.
With one connection to an MX>1, they can deliver *@domain mail to
that MX host then drop the connection. That MX host will then bang
at the MX=1 host on its own dime, and the spammer is off to the
next.
It's the open-waits that eat the time; once you're in, it's just
data transfer. Dequeueing is the goal, not accuracy.
My experience in this area is limited to managing systems all
around a company that did mass-mailing to anyone who had visited
their site (and provided email) via one of those default-clicked
"SEND ME MAIL!" things. Ethically light/medium gray to me, but
they at least did enter their email address somewhere...
I didn't run the mailers, but did networking and security (like a
lot of older sysadmins I'm "security expert" only by default;
1000% better than what they had... open mail relays, company name
as border router password, CEO desktop back doors...) By the time
I left it was pushing a few hundred-K email per batch. 1999.
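
The mechanism discussed in this message, as a small model added here (not part of the original post): a backup MX that accepts *@domain queues every recipient and later retries each one against the primary, while a backup holding a copy of the primary's recipient list refuses unknown users during the SMTP session. The class names, the mailbox list and the sample recipients are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

VALID = {"alice", "bob"}                         # constructed mailbox list
SAMPLE = ["alice", "zz1", "zz2", "bob", "zz3"]   # constructed RCPT TO local parts


@dataclass
class PrimaryMX:
    """Final destination: knows its users, rejects the rest with 550."""
    mailboxes: Set[str]
    rcpt_seen: int = 0

    def rcpt(self, local: str) -> int:
        self.rcpt_seen += 1
        return 250 if local in self.mailboxes else 550


@dataclass
class BackupMX:
    """Secondary MX. recipient_map=None models 'accept *@domain'."""
    primary: PrimaryMX
    recipient_map: Optional[Set[str]] = None
    queue: List[str] = field(default_factory=list)

    def rcpt(self, local: str) -> int:
        if self.recipient_map is not None and local not in self.recipient_map:
            return 550        # refused in-session, nothing is queued
        self.queue.append(local)
        return 250

    def flush(self) -> int:
        """Relay the queue to the primary; return how many it refused."""
        refused = sum(1 for r in self.queue if self.primary.rcpt(r) == 550)
        self.queue.clear()
        return refused


def run(recipient_map: Optional[Set[str]], rcpts: List[str]):
    """Return (accepted by backup, refused later by primary, primary RCPT load)."""
    primary = PrimaryMX(set(VALID))
    backup = BackupMX(primary, recipient_map)
    accepted = sum(1 for r in rcpts if backup.rcpt(r) == 250)
    refused = backup.flush()
    return accepted, refused, primary.rcpt_seen


if __name__ == "__main__":
    print("accept-all backup :", run(None, SAMPLE))
    print("validating backup :", run(set(VALID), SAMPLE))
```

With the recipient list in place, the backup hands the primary only mail it will take, and the sender gets its rejections on its own connection.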