Response from Cyber Promotions (fwd)
Taner Halicioglu
taner at isi.net
Mon Apr 21 17:37:31 UTC 1997
On Mon, 21 Apr 1997, Doug McIntyre wrote:
> But most of the bulk spammer programs out there don't follow MX
> records. They blast directly into the sendmail port of the primary
> machine, and if they can't do that, they leave it at that and move
> on.. Blocking spam sites directly at the sendmail level (with
> tcp_wrappers), does effectively block out bad domains.
You sure about not following MX'? There is a machine, 'isi.net', but it
doesn't accept mail, and there's an MX pointing to out real mail machine,
yet we constantly get spam :-)
Otherwise everyone would've used this trick to avoid spam :)
Some of the sendmail rules listed at http://spam.abuse.net/spam/, like the
one that forces the MAIL FROM line to actually resolve, would probably
block a lot of spam, too. But I was wondering if this requires the
address to have an A record, or will an MX suffice; I know lots of people
that send as "user at domain.com" where domain.com is an MX only... I'm just
not familiar enough with sendmail rules to know how it works ;-)
If Cyberpromo were really trying to *cough* help, they would set all the
reply-to's in the spams to "abuse at cyberpromo.com" ;-)
yeah... right...
-Taner
--
D. Taner Halicioglu taner at isi.net
Programmer/Engineer/Sysadmin Internet Systems, Inc.
Voice: +1 408 543 0313 Fax: +1 408 541 9878
PGP Fingerprint: 65 0D 03 A8 26 21 6D B8 23 3A D6 67 23 6E C0 36
More information about the NANOG
mailing list