botted hosts

Dean Anderson dean at av8.com
Tue Apr 5 22:55:40 UTC 2005


On Tue, 5 Apr 2005, Tony Finch wrote:

> On Mon, 4 Apr 2005, Dean Anderson wrote:
> >
> > Err, not likely. SPF came out, and now bots can find the ISPs "closed
> > relays" with very little trouble at all.
> 
> AFAIK bots use the MX of a parent domain of the infected machine's
> hostname to find an outgoing relay, not SPF. This is based on an
> incident I dealt with in September, and the Spamhaus article
> http://www.spamhaus.org/news.lasso?article=158
> Fortunately it isn't too hard to lock down MXs to incoming only.

Yes. Many ISPs have MXs incoming only for reasons besides spam.

But SPF identifies _outgoing_ mailservers. Just what a bot needs.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   





More information about the NANOG mailing list