After a reporter started to investigate Spam occurrence and the link to a few US based hosting companies and provides he was able to shut down the operation in co-operation with other backbone providers. The result is a significant drop in worldwide spam occurrence since then.
For mail servers I administrate I was able to shut down 2 of 3 SpamAssassin instances due to no work for them to do. Let’s hope this will stay this way for a while.
When I couldn’t sleep last night I had to think about my new mailserver installation and the load of measurements I’ve undertaken to prevent my customers getting spam or to allow anybody to relay spam through my server. Then I realized that there might be the chance of a new method how good spam-filter techniques could be used as a spam drone.
Get the situation: I’m John the bad spammer and want to deliver my mails to a lot of boxes around the world. I connect to a mailserver and deliver all my mails with a faked envelope. The to address has to contain an mailinglist or something like that which bounces emails for people who are not listed and the return address should be the person where the spam has to go. The mailserver (when configured to comply with RFC) should send the bounce directly to the person who should recieve the spam. This is only working if the spamfilter like spamassassin doesn’t act after the SMTP dialog has finished.
I didn’t try it but it could be exploited at some point. Due to the fact that there are many hosts who doesn’t send bounces anymore (in Germany some of the government servers has bounces off) or has the spamfilter integrated in the smtp dialog which scans the mail while delivering it shouldn’t be a big problem. But it could…