On Mon, 13 Oct 2014 10:24:28 +0900 Joel Rees <joel.r...@gmail.com> wrote:
> > I have an e-mail address my ISP gave me. Back almost twenty years ago, > when the internet was still a bit safe for naive use, I put my > isp-provided e-mail address in my home page. For the last fifteen > years, I've had to periodically clear that mailbox of junkmail, a > thousand in a week at the worst times, down to about a hundred a week > now. It does vary a bit. That address above has been my main one for fifteen years, used widely on Usenet and elsewhere. About three spams a day (at the moment) make it past my mail server, which is very aggressive, with typically a few hundred rejections a day. My record was about ten years ago, over 12,000 bogus attempts in 24 hours, the average in that period was probably about 1,500/day. I have a script that counts various rejection reasons... > > I'd change the address, but a junkmail magnet is actually an > interesting resource. I *use* the address. Partly I was curious about whether all this mucking about with posted email addresses was really necessary, and whether publishing a real address was practical. I was prepared to give it up and fall back to others if that was necessary. My conclusion is that it is practical, but only if you run your own mail server. Spamassassin and other content filtering just doesn't hack it, it's an arms race out there and I got fed up constantly refining rules and still dropping the odd real email. > > Every now and then, I still get a spate of junkmail there, where the > to: field has a long list of semi-random na...@isp.tld . I know those > names are bogus because I know there are not that many users at this > isp who have registered themselves with English names. Rather amusing. > > What are the junkmailers doing? Shotgun mailing the isp with possible > user names. > > If the isp responds with a code that says my user-id is valid, the > junk mailer knows he has a live address. > I don't think so, I think it's all NDR spam. I don't see enough real attempts at dictionary attacks. I see the same dozen names tried day after day, even hour after hour, and most of the non-repeated names are just random letter strings that could never be real email names. The actual published address gets one to two dozen bogus connections a day, none of the other genuine recipients get more than one or two a week. The intention is that the spam emails be accepted by a catch-all domain-wide mail server, then later bounced by the one that holds the mailboxes and knows the addresses are invalid. If the authoritative mail server for the domain knows the genuine recipients, it doesn't work, and that's the biggest single anti-spam measure possible. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141013092145.31179...@jresid.jretrading.com
