|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Bankshot backscatter: a philosophical question
From: Sheldon T. Hall (pf
tandem.artell.net)
Date: Mon Feb 07 2005 - 12:32:43 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Leeman Strout says ...
> Sheldon T. Hall wrote:
> > As a preliminary defense against viruses and other malware,
> I have some body and header checks ...
[blah blah]
> > So ... as a matter of good citizenship, should I be doing
> > something else with this sort of crap rather than
> > REJECTing it?
> Infected PCs are now using ISP mail servers as relays in an
> attempt to get around ISP network filters.
Yep.
> This also has the effect of rendering
> GreyListing less effective...
A little. However, making a new sender try again later increases the chance
that the sending IP address, or sender name will be on an RBL/RHSBL when he
calls back. I've seen that quite a few times. I greylist after the RBL
checks, and I've seen quite a few messages get RBLed on second presentation.
Of course, I'm still get crap galore from zombies, and greylisting still
works for that.
> ... probably some other things in there too.
My defenses will evolve because ...
> This is why it's coming through proper mail servers now. :(
... the spammers' and virus-writers' methods change.
-Shel
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]