There is an interesting piece detailing the motives and methods used by a spammer.
Interesting to me is the note about how the spammers pay for mail delivery, and to me this is just yet another point proving that rejecting mail at SMTP time is the stupidest idea ever in the fight against spam.
There are many reasons why I believe this to be a bad idea. Most spam these days goes directly to the secondary MX rather than the primary; I can prove this by looking at the spam checking on my own 2 machines. In the period from 7 June 2004 till now my secondary machine handled 10568 emails, of which 6913 were from dynamic address blocks or from blocks listed in 2 RBLs, that is about 65% spam. On my primary server I handled 15288 messages in the same period with only 2521 being classified as spam using the same blacklists but also running everything through SpamAssassin, that is 16% spam.
For anyone that hosts a secondary MX for a friend or another business this is a killer. The secondary has already accepted the message from the spammer's proxy, so when the primary answers with a 4xx class (temporary failure) response the message sits in the secondary's queue and is retried over and over, each attempt wasting CPU and bandwidth; if the primary only decides after the DATA stage (content scanning), the whole message body crosses the link on every attempt, whereas a rejection at RCPT costs a few hundred bytes of envelope. When the retries finally give up, or immediately when the primary answers with a 5xx class (permanent rejection) response, the secondary has to generate a bounce message to the envelope sender, which for spam is almost always forged, so it now spends a number of days trying to deliver a bounce that nobody will accept (backscatter), wasting yet more CPU and bandwidth. A much more friendly approach would be to accept the mail and bin it right away: this will actually save you and your secondaries a lot of resources, and as the quote below shows it will actually end up costing the spammers money if you accept it rather than reject it at SMTP time, because the spammer's credit is only deducted when the connection is accepted.
For USD 50 excluding VAT he buys his first 400,000 credits; one credit equals the sending of one spam mail. Because they have a special offer running that month, send-safe.com doubles his credits for free, which enables him to send no less than 800,000 spams for 50 dollars.
After these preparations, the spam can be sent. The program supplied will set up a connection, routing the spammer to an open proxy server and from there to the mail server where the spam is to be sent. If that mail server accepts the connection, the spam mail will be sent and a credit will be deducted from the spammer's account. If the mail server does not accept the connection because the IP of the open proxy is blacklisted, the e-mail will not be sent and no credit will be deducted.
In one specific case of stupid mail rejection I calculated that the repeated attempts to deliver the email over a period of 5 days used up 680 Mb of bandwidth between my secondary and the primary; offloading that kind of bandwidth waste onto your secondaries is really not a good idea.
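To put numbers on the queue behaviour described above (retries on 4xx, a bounce to a forged sender on 5xx, and the credit rule from the quoted piece), here is an added example written for this page; it is not the author's code or anything from send-safe.com. Everything in it is an assumption: the retry schedule loosely follows Postfix's default backoff (first retry after 300 s, interval doubling up to 4000 s, queue and bounce lifetime 5 days), the envelope cost per SMTP session is a guessed 400 bytes, and the message size is made up. It also separates a rejection at RCPT from one after DATA, since only the latter pushes the whole body across the secondary-to-primary link on every attempt.

```python
"""Cost model for a secondary MX relaying to a primary that defers, rejects or accepts mail.

Added example for this post, not the author's code. All sizes and the retry schedule are
assumptions: the schedule loosely follows Postfix defaults (minimal_backoff_time=300s,
maximal_backoff_time=4000s, maximal_queue_lifetime and bounce_queue_lifetime=5d).
"""
from dataclasses import dataclass
from typing import Iterator

MIN_BACKOFF = 300                 # seconds before the first retry (assumed)
MAX_BACKOFF = 4000                # cap on the retry interval (assumed)
QUEUE_LIFETIME = 5 * 24 * 3600    # give up after 5 days (assumed)
ENVELOPE_BYTES = 400              # rough cost of EHLO/MAIL/RCPT/QUIT per attempt (assumed)


def retry_offsets(lifetime: int = QUEUE_LIFETIME,
                  first: int = MIN_BACKOFF,
                  cap: int = MAX_BACKOFF) -> Iterator[int]:
    """Yield the time offset (seconds) of every delivery attempt until the queue
    lifetime expires, doubling the interval each time up to the cap."""
    t, backoff = 0, first
    while t <= lifetime:
        yield t
        t += backoff
        backoff = min(backoff * 2, cap)


@dataclass(frozen=True)
class Outcome:
    attempts: int            # SMTP sessions the secondary opens to the primary
    bytes_to_primary: int    # payload pushed over the secondary -> primary link
    bounce_attempts: int     # sessions spent trying to deliver the bounce (backscatter)
    spammer_charged: bool    # did the first hop accept, so a credit was deducted?


def simulate(primary_policy: str, msg_bytes: int, *, reject_stage: str = "data",
             first_hop_accepts: bool = True, sender_reachable: bool = False) -> Outcome:
    """Model one spam message arriving at the secondary MX.

    primary_policy:   'defer' (4xx), 'reject' (5xx) or 'accept_discard'.
    reject_stage:     'rcpt' (only the envelope crosses the link) or 'data' (the full
                      body is transmitted before the primary answers).
    sender_reachable: spam carries a forged envelope sender; False models the usual
                      case where the bounce can only be deferred, never delivered.
    """
    if not first_hop_accepts:
        # The secondary refused the proxy's connection: nothing queued, no credit spent.
        return Outcome(0, 0, 0, False)

    per_attempt = ENVELOPE_BYTES + (msg_bytes if reject_stage == "data" else 0)
    bounce_attempts = 1 if sender_reachable else sum(1 for _ in retry_offsets())

    if primary_policy == "accept_discard":
        # Accepted on the first try; the body crosses the link exactly once, no bounce.
        return Outcome(1, ENVELOPE_BYTES + msg_bytes, 0, True)
    if primary_policy == "reject":
        # 5xx: one attempt, then the secondary must bounce to the (forged) sender.
        return Outcome(1, per_attempt, bounce_attempts, True)
    if primary_policy == "defer":
        # 4xx: retried on every backoff step until the lifetime expires, then bounced.
        attempts = sum(1 for _ in retry_offsets())
        return Outcome(attempts, attempts * per_attempt, bounce_attempts, True)
    raise ValueError(f"unknown policy {primary_policy!r}")


if __name__ == "__main__":
    size = 6 * 1024 * 1024  # a 6 MB spam; constructed figure, not from the post
    for policy in ("accept_discard", "reject", "defer"):
        for stage in ("rcpt", "data"):
            o = simulate(policy, size, reject_stage=stage)
            print(f"{policy:15s} {stage:5s} attempts={o.attempts:4d} "
                  f"MB={o.bytes_to_primary / 2**20:8.1f} bounce_attempts={o.bounce_attempts}")
```

Under these assumptions a 4xx from the primary turns one message into 111 delivery attempts over five days, and a 5xx or an expired deferral adds another 111 attempts to deliver a bounce that the forged sender will never take; only the accept-and-discard row leaves the secondary's queue empty. The one row where the spammer keeps his credit is `first_hop_accepts=False`, i.e. the secondary itself refuses the blacklisted proxy during the SMTP session, which is also the only case that never puts anything in the secondary's queue in the first place.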
As things stand now I am considering refusing to host a secondary domain for anyone who rejects mail at SMTP time; I am simply sick of having to deal with the ever-growing problem of bounce messages sitting in my mail queues and never being delivered.