On Fri, 9 Aug 2002, Suresh Ramasubramanian wrote:
> djc@??? (Dave C.) [Friday, August 09, 2002 8:48 AM]:
>
> >
> > Yes, it is an after the fact measure. But if your AUP has terms like
> > 'agree to pay up to $100 per message for violations', and if you make
> > it clear you terminate accounts at the first offense......
> >
>
> Yup. Nice to enforce if you have a credit card number or something in hand.
>
> With freemail providers (like us) things get a little tougher than that :)
I hope you arent providing SMTP relay service with that freemail
account. And spammers dont actually send using any webmail service - too
slow. They only use them as drop boxes.
> > Not if the spammer was sending to, say a thousand different domains,
> > with a hundred addresses in each domain.
>
> Spammers are normally stupid and lazy - they'll take the shortest route
> possible
Yes, but theres plenty of script kiddies and people that write spamware
that they use. The spammers themselves are morons, but they are
stubborn. Once they find themselves blocked, they will find a way around
it.
> > If they sent a sperate message, each one one recipient in each domain,
> > for a total of a thousand recipients, and a hundred messages...
>
> Not worth the time or trouble. Hell, most of them barely make enough for
> KFC and cheap beer - and the next week's rent on the trailer park.
>
> The others (real professional spammers) - they want to push out as much mail
> as possible fast. No time wasted doing fancy randomizing.
They would probably do that ahead of time, before beginning to send.
>
> > Now, perhaps a maximum number of recipients per message would at least
> > slow them down...
>
> That'll anyway be there. Now have them set up something like qmail with the
> concurrency patch, to pound your server with an endless paralell sequence of
> MAIL FROM: RCPT TO: ... (or worse, LSMTP, the ListServ MTA...).
>
> -srs
>
>