Author: Marc Perkel
Date:
To: Chris Edwards
CC: exim-users
Subject: Re: [exim] Rate limiting on Sender Verify

Chris Edwards wrote:
> On Tue, 17 Oct 2006, Marc Perkel wrote:
>
> | Ok - I'm changing the subject line here to fork this topic. The issue is
> | sender verification during a dictionary attack. If someone was faking a
> | lot of different addresses at domain.com trying to send spam then my
> | server would do callouts trying to verify email addresses and could
> | cause a lot of collateral traffic.
>
> Rate-limiting callouts based on the sender domain only helps in the
> special case where a spammer is repeatedly using one domain for multiple
> attempts on your server.
>
> But surely most of the spam you receive has sender addresses in different
> faked domains (not just different localparts at a single "domain.com").
>
> So you'll still emit a lot of collateral traffic.
>
>
Actually from what I've seen spammers will find some misconfigured
domain that they like for some reason and use it for the fake addresses.
Generally a domain that has catchall accounts.
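
Added example, not part of the original thread and not Exim's own code: a small simulation of a per-sender-domain cap on verification callouts, run over two constructed sender lists, to show the two cases discussed above (many localparts at one domain versus a different faked domain per message). The class name, the limit of 5 per hour, and the `.example` addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


class CalloutLimiter:
    """Sliding-window cap on sender-verify callouts, keyed on sender domain."""

    def __init__(self, limit, window):
        self.limit = limit              # max callouts per domain per window
        self.window = window            # window length in seconds
        self.sent = defaultdict(deque)  # domain -> timestamps of callouts made

    def allow(self, sender, now):
        """Return True if a callout for this sender may be made at time `now`."""
        domain = sender.rsplit("@", 1)[-1].lower()
        stamps = self.sent[domain]
        # Forget callouts that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.limit:
            return False                # over the cap: skip the callout
        stamps.append(now)
        return True


def count_callouts(senders, limit=5, window=3600):
    """Feed one message per second and count the callouts actually emitted."""
    limiter = CalloutLimiter(limit, window)
    return sum(limiter.allow(s, now=i) for i, s in enumerate(senders))


# Constructed sample traffic (not real data).
# Case 1: dictionary of localparts at a single forged domain.
ONE_DOMAIN = [f"user{i}@domain.example" for i in range(200)]
# Case 2: every message forges a different domain.
MANY_DOMAINS = [f"user{i}@d{i}.example" for i in range(200)]

if __name__ == "__main__":
    print("single forged domain :", count_callouts(ONE_DOMAIN), "callouts")
    print("distinct domains     :", count_callouts(MANY_DOMAINS), "callouts")
```

With a key of sender domain, the cap bounds collateral callouts only in the first case; in the second, each message lands in a fresh bucket and every callout still goes out.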