[svlug] botnets
John Conover
conover at rahul.net
Mon Jan 8 12:33:08 PST 2007
David Rosenstrauch writes:
> Joe Buck wrote:
> > Example: it used to be that ordinary users routed their mail through
> > their ISP, while spammers and spambots did SMTP connections directly to
> > their victims, or via open relay sites. So we got black-hole lists and
> > told everyone they had to route mail through their ISPs or with
> > authenticated SMTP connections. Now the spambots typically route their
> > mail through the ISP's SMTP connection just like the machine owner's
> > regular mail. You can't block this without blocking the user's ability
> > to send mail.
>
> Just wondering: would you have any URLs that mention this trend? I
> ask because from what I can see most of the spam I get still seems to
> come directly from dynamic IPs belonging to various ISPs - and not
> from their mail servers. Are you seeing otherwise?
>
What I see is a bogus 'Received: ' record dynamically generated by the
spambot, so that it looks like it came through a mail server from a
client machine, but was really a direct SMTP connection.
John
--
John Conover, conover at rahul.net, http://www.johncon.com/
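
The check below is an added example, not part of the original post: it trusts only the 'Received:' headers written by the receiver's own MX and tests whether the relay named in the first sender-supplied header matches the peer that MX actually recorded. The host names, addresses and sample message are constructed, and the reverse-DNS comparison is a heuristic assumption, since a genuine relay's banner name can differ from its PTR record.

```python
import re
from email import message_from_string

# Constructed sample; mx.example.org stands in for our own inbound MX (assumed name).
SAMPLE = (
    "Received: from dsl-203-0-113-45.isp.example (dsl-203-0-113-45.isp.example [203.0.113.45])\n"
    "\tby mx.example.org with ESMTP id abc123; Mon, 8 Jan 2007 12:00:05 -0800\n"
    "Received: from pc-home (unknown [192.168.1.10])\n"
    "\tby smtp.isp.example with ESMTP id xyz789; Mon, 8 Jan 2007 12:00:01 -0800\n"
    "From: someone@isp.example\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return Received hops, newest first; headers that do not parse become None."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append({k: v.lower() for k, v in m.groupdict().items()} if m else None)
    return hops

def analyze(raw, trusted_mx):
    """Compare the relay named by the sender with the peer our own MX recorded."""
    hops = parse_hops(raw)
    idx = -1
    # Walk down from the top while headers were written by servers we control;
    # anything below that boundary is sender-supplied and may be forged.
    for i, hop in enumerate(hops):
        if hop is None or hop["by"] not in trusted_mx:
            break
        idx = i
    if idx < 0:
        return None  # no header from our own MX, so nothing can be trusted
    edge = hops[idx]
    below = hops[idx + 1] if idx + 1 < len(hops) else None
    result = {"peer_ip": edge["ip"], "peer_rdns": edge["rdns"],
              "claimed_relay": None, "consistent": None}
    if below:
        # A genuine lower header's "by" host is the machine that connected to us.
        result["claimed_relay"] = below["by"]
        result["consistent"] = below["by"] == edge["rdns"]
    return result
```

For the constructed message, the MX saw a DSL address while the lower header claims a hand-off to smtp.isp.example, so `consistent` is False and the relay claim is unverified.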