On Wednesday 24 March 2004 14:44, Bradley Cloete wrote:
Or is it possible that the fact that the takeup of spf has something to
do with it?
Especially since AOL posted there records in early Jan?
I've been getting joe-jobbed since early last year, and I can confirm that I'm
suddenly getting loads more bounces from AOL (about 500 a day) where they SAY
"no user" so I'm guessing that a spammer is either trying random addresses at
AOL or their spam detection has improved and they're just reporting it as
"user doesn't exist" rather than confirming to the spammer that an email
address is valid.
Unfortunately my current hosting company (Interland) won't let me add SPF
records while they control my DNS, so I'm still getting all the bounces, all
the more reason why I need to change to a hosting company with a smarter
attitude...
I'm hoping that as soon as I add SPF to my domain it'll cut all these bounces
and in turn eventually stop the joe-jobbing (last year I wrote a script that
traced the source IP of the original email and complained to the abuse
department of the appropriate ISP, but after 25,000 complaints led to only
about 10 replies, and the spammer started forging headers, I gave up on it).
Along this line, I'm using qpsmtp with qmail for receiving my mail, and it has
a module to support SPF. I'm going to suggest a patch to this so that if the
SPF check fails it shoudn't immediately refuse, but should instead sleep for
5-10 seconds before refusing - if we all did this it would have the effect of
tar-pitting the spammers so making non-deliveries even more expensive - this
is the equivalent of wasting the time of telemarketers rather than just
hanging up on them (which leaves them free to make another call immediately).
I know AOL has a whitelist that you can ask to be put on if you genuinely send
opt-in large mailings, I just wish they had a "please blacklist me" too -
like a custom SPF list that you could notify them of...
--
Tim