From owner-freebsd-chat  Tue Nov 25 23:09:54 1997
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id XAA25313
          for chat-outgoing; Tue, 25 Nov 1997 23:09:54 -0800 (PST)
          (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA25301;
          Tue, 25 Nov 1997 23:09:47 -0800 (PST)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.7/8.6.9) with ESMTP id XAA18158; Tue, 25 Nov 1997 23:09:24 -0800 (PST)
To: Greg Lehey <grog@lemis.com>
cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, chat@hub.freebsd.org
Subject: Re: major push by spammers? 
In-reply-to: Your message of "Wed, 26 Nov 1997 17:32:14 +1030."
             <19971126173214.61195@lemis.com> 
Date: Tue, 25 Nov 1997 23:09:24 -0800
Message-ID: <18154.880528164@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk

> > Try turning on reverse DNS filtering and you'll find that this number
> > goes WAAAY up.  According to my stats just for time.cdrom.com, I've
> > rejected 2203 spam attempts since 9am this morning.  Yep, that's
> > correct - approximately 2.8 spams rejected every minute.
> 
> Wow.  You must have annoyed somebody :-)

No, I'm just stupid enough to post to USENET using my real mailing
address. :-)

> How are you recognizing the spammers?

2 ways: The first, if reverse DNS lookup fails, accounts for about 90%
of the rejects.  When I first started doing this, I worried that
perhaps I was rejecting some legit emails so for the first couple of
weeks I'd do one day on, one day off.  In 14 days worth of testing, I
got one "legitimate" message (though it was unanswerable due to said
misconfiguration, so I could have done without it :) and many many
hundreds of spams on the days that I had reverse DNS checking
disabled.  Needless to say, I can't even imagine not having it on now.

The second way, which accounts for that last 10%, is to reject
according to a ban list which is maintained by the folks at gulf.net
(to which we add our own local banlist).

						Jordan