|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Blacklist and address based on "User unknown"
From: Derek B. Noonburg (derekn
foolabs.com)
Date: Tue Jan 02 2007 - 16:07:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2 Jan, Noel Jones wrote:
> At 03:39 PM 1/2/2007, Crayon wrote:
>>I would probably arrange it so that they would be removed from the
>>blacklist after 1 valid user. Anyway specific details would be fine tuned
>>once it's operational :)
>
> The usefulness of this idea is inversely proportional to the size of
> your user base. The more users you have, the more likely you will be
> blacklisting innocent servers. For a small user base, this may be a
> reasonable thing to so. Good luck.
I tried something like that a while back. It looked for email from one
server to N unique, invalid addresses on my domain (at the time, I was
seeing a lot of spam sent to joemydomain, bobmydomain, alicemydomain,
....) within the last few minutes.
It worked pretty well for a while, and then I got a phone call from a
friend at a certain large, well-known computer company, who said that
about half her email to me was bouncing. As best I could tell, some
computer inside the company had gotten infected with a virus, and was
sending out spam via the company mail servers, and my little script had
dutifully added about half of the servers to the block list (and would
have eventually added the rest if I hadn't killed it).
I obviously don't know anything about your users, so this might not be
an issue for you. I just wanted to point out that it's not just typos
that might cause problems.
- Derek
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]