Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [exim] Why the dodgy HELOs?
On Thu, 6 Oct 2005, Adam Funk wrote:
> I still don't understand the spammers' motivation for this -- it
> doesn't seem difficult to reject obviously dodgy HELOs.
Quite a number of times, I've mused over the question of whether
there's a kind of spammer who deliberately feeds an early clue, so
that they don't waste too much effort on mail admins who are going to
reject their spam somewhere in the course of the transaction anyway.
There seem to me to be just too many easy pickings of this kind for it
to happen purely by chance. Sure, *some* spammers are cluless idiots
and couldn't compose an RFC-conforming header for toffee; but others
are full-time professionals at their job.
Even if my hunch is true, the clue would have to keep changing to keep
the admins on their toes, or else everyone would learn how to do it,
and the spammers wouldn't even be able to reach the usual suckers,
either. Many of the "obvious clues" that we programmed into the
antispam config from time to time over the course of a couple of
years, were keeping out a considerable volume of spam for a while but
then that behaviour pattern disappeared entirely, or became very
unusual - to be replaced by some other clue that, again, was rather
obvious once one had seen it.
(Don't get me wrong, there's still bushels of spam that isn't so easy
to keep out. I'm only talking about a specific fraction here.)
