In <09cf01c5b934$8d1ea180$0600000a(_at_)john> "Chris Haynes"
<chris(_at_)harvington(_dot_)org(_dot_)uk> writes:
Someone else on another list recently said that they are already
doing this as a matter of routine. They were relying on the
observation that many spammers just make one, pre-scripted, attempt
to send each message, while good-guys will attempt a re-send.
Once spammers decide that this method of defence is starting to get
in their way the obvious, easy tactic for them is to execute each
spam run twice a few hours apart and, Voila! the amount of spam
which _everyone_ sees is doubled.
Life is not so easy for spammers that they can just send all their
email twice. Graylisting, and the like, require you to send the email
from basically the same IP address/block and use a consistent domain
name and such. After a few hours, other anti-spam tools such as
DNSBLs, RHSBLs, DCC/Pyzor/Razor, etc. have had a chance to react.
Spammers are caught in a bind: They can't use new IP addresses,
domains, and munging their email or graylisting will catch them. They
can't get around graylisting without other things catching them.
While I certainly do not like the idea of increasing the email load by
a factor of two, you need to realize that a factor of two is still a
constant. The general email volume, largely due to spam, is
increasing exponentially. All a constant factor does is shift time
time when you need to deal with that volume by a few months or maybe a
year. If it is impossible for you to deal with a constant factor now,
it will be impossible for you to deal with the normal load in the near
future.
-wayne