[svlug] Sudden increase in spam volume
Walt Reed
svlug at linuxguy.com
Thu Dec 7 11:47:21 PST 2006
On Thu, Dec 07, 2006 at 10:53:52AM -0800, Kevin Smathers said:
> Just wondering if anyone else has noticed a sudden spike in low-quality
> spam at your domains. I'm seeing connect rates of about 10x the usual
> volume at my mail server in less than a week. The quality is
> exceptionally poor, probing random email addresses using what looks like
> a dictionary attack, but has been sustained for at least 48 hours, with
> no pattern that I can see in the attacking IP addresses (there literally
> are hundreds of different hosts from all parts of the world in my mail
> logs.)
<snip>
> If anyone else is running into this, I'd like to hear what you've
> decided to do.
Note: please don't start a new thread by replying to an existing
message. It makes your message shows up in the middle of another
conversation in non-brain-dead mail clients that support threading.
It's bad etiquette.
There are a few options to cut the crap, and different solutions are
"right for you" depending on your particular situation.
DNSBL (black lists) are probably the easiest to implement, and are
usually very effective. The idea is to eliminate mail from zombies by
blocking anything coming from dynamic IP space and other known spam
sources.
Greylisting is another option that is fairly effective, although some
people don't like it because it increases the load on legit senders, and
can slow down delivery of legit mail.
More information about the Svlug
mailing list