<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spam SW, EMS/RFMS


    ...

    EMS/RFMS seems to have two "interesting" features:
    
        1)	"MAIL From: <>"; i.e. there is no real From that can take
    	legal action due to fraud etc. Smart.
Right. But I've also seen - although I don't recall
whether they came from this particular source -
"MAIL From: <<>>". This can be caught.
        
        2)	It makes use of MX hosts that have higher cost than the best
    	one. At first this could seem like it just legitimately uses
    	MX-records, but the increase in traffic and bounces through
    	the host we run, chalmers.se; secondary MX for *.chalmers.se,
    	tells us this is not by chance, this is made by will.
I've noticed that too. It doesn't help them though,
since my mailhost and MX fallback host both have
exactly the same anti-spam measures, including
completely blocking a number of domains. But I must
add that I don't have a host-in-the-middle like you.


	Piet




<<< Chronological >>> Author    Subject <<< Threads >>>