In the past 10 days..one of our MX server has the following CR stats:
1) 45302: challenges sent out (new senders)
2) 1558: challenges respond with 550 SMTP reject code..results in
auto-blacklist
3) 696: confirmed responses to challenges
About 3% (1558) of the challenges are easily identified as bogus
senders. The other 97% are either sent from a mail server that accepts
all email for the domain (using auto-gen username) or from a spammer
that really doesn't care about getting identified. Yahoo, Aol and
others firewall at the user level and will not accept email destined for
a non-local user. In fact, spammers are simply bold enough to use a
valid domain using valid return addresses.this somewhat obviates the
impact of RMX
Only 1.2% of challenges are responded to. This doesn't necessarily mean
that users don't know what to do when challenged.there is no telling how
many of the 45,000 challenges were sent to non-spammers. What is clear
is that additional methods are required.