spf-discuss

Re: Unified SPF Algorithm (was: moving on from MARID)

2004-10-02 15:18:39

----- Original Message -----
From: "Joe Rhett" <jrhett(_at_)meer(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Cc: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, October 02, 2004 1:58 PM
Subject: Re: [spf-discuss] Unified SPF Algorithm (was: moving on from MARID)


On Fri, Oct 01, 2004 at 05:27:12AM -0400, Hector Santos wrote:
But I am not seeing any change whatsoever.   A good example is adding a
multi-line Welcome response at the connection level.  You will find a vast
40% of the bulk spammers dropping the connection because their primitive
SMTP sender scripts are not handling multi-line 220 responses.   These guys
are simply NOT adopting to this simple change in their software to get past
the connection level.  They round-robin blast their attempts across the
entire spectrum of class c addresses. So I have a huge log of 255 continuous
transactions with a HELO domain and that's it.

Hector, I'm not certain what your mail volume is

For our own support site, about 5-8K per day.

 but your analysis is fairly short sighted.

I don't see what it is that makes you say this... oh, I see ...

Today, maybe 12% of failed deliveries fail due to that reason.

Inside of 12 months that number will be 2%, and even less
after that.  Yes, we'll still see this from spam-bots in 2009 I'm sure.
But the volume will be so low as to be irrelevant.

...you have your own figures!!   We are seeing a near constant of 40%

Do you have any real world statistics showing these numbers?

I have over 1 year of detailed statistics. Check it out:

http://www.winserver.com/antispam

The numbers are pretty constant, which means the spammers are indicating there is no
adaptation.

You are completely forgetting that there are people making money from spam
-- the ones selling the shovels! (sorry, California gold rush joke).

Why would I forget this?   Of course there is a market for it, otherwise why
would we be here?! Paper hat! <g>

ones who write the spamming software and provide the spam bots are making a
lot of money.

The stats are proving otherwise so far and it probably could be explained.
The majority of the spammers are not really high techies, they are sleazy,
quick scheme, marketing guys and since the profit margin is low  they do
their best at getting everything they need at low cost or free, i.e., PHP
mail send scripts which we found out exhibit the same problem of lacking
support for multi-line responses.

So they'll release a new version that gets around this problem
and get paid an upgrade fee.

I would have naturally thought the same thing, but again, the stats are
showing otherwise.

In the last few months we've even started to see greylisting falling off,
as the spam bots are now taking 4xx errors and retrying again.  A few were
badly written, and were re-trying every second :-(

That's good to know.  But I would like to see stats over a longer period.
Also there is a difference here.  With the multiline response situation,
they are dropping.  They are connecting, sending HELO without consideration
of the 220 response.  They are expecting one line with "220 " followed with
a "250 " line.  They are not getting this, so they drop. The server is not
dropping.

In other words, you are providing feedback which I would think (and hope)
would help train the senders.  There is no feedback in a drop. Hence they
think it just didn't make it and try again.  Who knows?  They are not
learning and we have thousands of customers using our new stuff loving it
all!

Spammers evolve.  Really.

I expected it too.  But have not seen it.

Now, I have received a good feedback from one person awhile back who
suggested it might be that the "spammers" have not seen this small but
powerful SMTP compliancy protection method across a wider deployment world
wide, so they may not adopt yet.

I can buy this.   A volume thing as you might be suggesting.  If we use
Pareto's principle, maybe when it reached 80% or before then, they would
investigate and fix this simple thing.

But I have not seen it happen yet and one thing is for sure,  these bulk
spammers have STUPID software and obviously, they are not producing and
analyzing reports on what makes it, what doesn't and why.

One would think that sending 3-8K failed connections per day for over a
year's time, now spreading over thousands of Wildcat! customers who are
liking the system so much that many have switched from Norton Enterprise AVS
stuff to our integrated Wildcat!, wcSAP, wsSpamGuard (with SA support) AVS
system.

If they are not learning yet, with nearly 1 year of production in the market
place, the software is PRETTY stupid in providing feedback to the spammers.

The software is stupid. Really :-)

Anyway, thanks for your comments.

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office
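
The multi-line 220 greeting discussed in this message, as an added example that is not part of the original post or of any Santronics software: a reply reader that follows the SMTP continuation rule ("220-" continues, "220 " ends), next to a model of the one-line-per-reply sender described above. The hostname, function names and sample byte stream are constructed assumptions.

```python
import io

# Constructed sample: multi-line 220 greeting, then the 250 reply to HELO.
MULTILINE = (
    b"220-mail.example.test ESMTP ready\r\n"
    b"220-Unsolicited bulk mail is not accepted here\r\n"
    b"220 Please proceed\r\n"
    b"250 mail.example.test Hello\r\n"
)
SINGLE_LINE = b"220 mail.example.test ESMTP ready\r\n250 mail.example.test Hello\r\n"

def read_reply(stream):
    """Read one complete SMTP reply: 'NNN-' lines continue, 'NNN ' or bare 'NNN' ends it."""
    code, text = None, []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("stream closed in the middle of a reply")
        line = raw.rstrip(b"\r\n").decode("ascii", "replace")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(line[:3])
        elif int(line[:3]) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        text.append(line[4:])
        if line[3:4] != "-":          # no hyphen after the code: last line
            return code, text

def compliant_session(data):
    """Client that reads whole replies; HELO would be sent between the two reads."""
    stream = io.BytesIO(data)
    greeting_code, greeting_text = read_reply(stream)
    helo_code, _ = read_reply(stream)
    return greeting_code, len(greeting_text), helo_code

def naive_session(data):
    """Assumed model of the sender in the post: one line per reply, '220 ' then '250 '."""
    stream = io.BytesIO(data)
    first = stream.readline().decode("ascii", "replace")
    second = stream.readline().decode("ascii", "replace")
    if first.startswith("220 ") and second.startswith("250 "):
        return "continues"
    return "drops"                    # client gives up; the server never rejected it
```
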