testing "nolisting" -- please help

totojepast

Dec 30, 2007, 3:44:26 PM
I am currently testing a recently discovered antispam technique called
"nolisting" (http://nolisting.org/, http://en.wikipedia.org/wiki/Nolisting)
and I would like to check if it works well when receiving e-mail from
various mailservers like old versions of Novell GroupWise, exotic webmails,
e-mail clients inside gaming consoles / cellphones / game consoles etc.

Please could you send a blank test message to the following two test e-mail
addresses?

x...@koukat.cz, x...@ehelp.cz

One of those addresses utilizes nolisting, while the other does not.

I do not intend to collect any test participants' e-mail addresses so it does
not matter if you would change your address in the text messages.

Regards,

TJP


Spam Guy

Dec 30, 2007, 6:08:17 PM
totojepast wrote:

> I am currently testing a recently discovered antispam technique
> called "nolisting" (http://nolisting.org/,
> http://en.wikipedia.org/wiki/Nolisting)

Since you've cross-posted this to about 8 groups, I'm going to send
out some replies (I'm limited to 5 groups) and I have to set a
follow-up group (which I'm setting to alt.spam).

The theory as mentioned here:

http://nolisting.org/

goes like this:

"It has been observed that when a domain has both a primary (high
priority, low number) and a secondary (low priority, high number) MX
record configured in DNS, overall SMTP connections will decrease when
the primary MX is unavailable. "

I believe that most theories about spam are such that when there is
more than one MTA listed in an MX record, that spammers always try
sending first (and possibly only) to the LOWEST listed MTA. The
theory being that low-order MTA's are used only for backup and chances
are they are not well fortified against spam compared with the
higher-order MTA's.

My own personal experience is this: I've been running a mail server
for a small organization since about 1998. In late 2005 I mistakenly
removed my MX record, but that had no effect on the reception of good
or legit e-mail, but zombie-spam (direct-to-mx spam) dropped by 75%.
The reason was that in the absence of an MX record, RFC's state that
the fallback is to try the A record. Our A record points to our mail
server, hence we continued to receive legit e-mail. I've been running
our server for the past 2 years in that configuration, and after the
huge drop our spam is in fact decreasing.

I don't know who operates the above-mentioned website, or if they
participate in any usenet spam-related discussions, but I think what
I've written above should be brought to their attention.

Spam Guy

Dec 31, 2007, 11:04:59 AM
Landmark wrote:

> > So, you're saying that without an MX record, some spammers
> > do/did not bother to send their trash (to you) at all?
>
> No,

Yes.

> he's saying that with his misconfigured server he believes his
> spam has dropped off

"Believes my spam has dropped" ?

How about "I know my spam has dropped" you fool. Or don't you believe
that you can count the number of delivered spam to a given account?
I've posted my numbers before, and you have nothing to say each time I
do.

> which may well be true in the case of "fire and forget" spam

"fire and forget" spam - when did you invent that term?

The more commonly used term is "zombie spam" or "direct-to-mx" spam,
which is by far the most prevalent source of e-mail spam for the past
5 years.

> but more importantly, he believes no legit mails are
> being affected, but he has never tested this,

And how does one go about testing this? Do you propose asking the
postmaster of every domain on the planet to send you an e-mail?

Our organization has been in business for 15 years. We've been
operating various e-mail accounts at our domain since 1996. We are in
daily e-mail contact with a base of a few thousand clients in Europe,
Asia, Australia, US/Canada. We have experienced no interruption in
e-mail communication with any of them over the past 2 years, and
during those 2 years we engaged in e-mail contact with a few hundred
new people. That's proof enough for me that A-record fallback when MX
lookup fails is pretty much universal (and reliable) behavior.

You can be argumentative and bull-headed and say it's not proof
enough, even though it's in the RFC's, and even though there is no
practical test that would satisfy you anyways.

> only asserted that since he is getting some mail he therefore
> believes he is getting all mail. There is an obvious flaw in
> his logic.

Given the base of prospects from which we would expect to get e-mail
from, and given the 2-year span that we've been operating without an
MX record, then according to your logic we should have received at
least one communication from someone (either by phone, or from an
alternate e-mail account, or by fax) that they are having problems
e-mailing us. We have received no such communication.

> This is in marked contrast to TGP who is doing a proper test
> of NoListing. The author of NoListing is also markedly different
> from SpamGuy in that he carefully sets out the limitations of
> the method, and the things to take into account before
> adopting the NoListing technique.

The author of NoListing is proposing an MX configuration that could
also result in the delivery failure of legit e-mail from MTA's that
don't know how to properly handle serialized servers combined with the
strategic failure of some of them. In fact, I'd argue that such a
configuration is more prone to legit-delivery-failure vs a simpler
mx-lookup-failure strategy.

Spam Guy

Jan 1, 2008, 6:00:11 PM
Landmark wrote:

> >"fire and forget" spam? When did you invent that term?

> "Zombie spam" is spam which originates from a zombied PC, or a
> PC which is part of a botnet. It says nothing about the method
> which the zombie is using to deliver the spam.

Are there more than these two methods - either a stripped-down SMTP
engine with no error-handling capacity, or a full SMTP engine with
complete error-handling capacity?

If there are zombies that are somehow configured to send via a valid
MTA, then there isn't much written about them.

Most zombies are stripped-down SMTP engines that naturally perform
direct-to-MX. I know that most are stripped-down because most of my
spam stopped immediately when my MX record was nuked, and also because
greylisting (and apparently "nolisting") has emerged as anti-spam
techniques.

There was a lot of speculation a few years ago that the next big wave
of spam would come from zombies using their own ISP's output MTA's,
but I don't think I've ever seen a single example of that.

There is no doubt that some zombies know how to handle MX-lookup
failures since I am receiving some of that - most notably from "Health
Nation SE".

> Direct to MX is not confined to zombies. There are PC desktop
> packages which implement direct to MX.

Can you point to any stats or anything published that even mentions
the prevalence of the use of such packages?

Direct to MX remains a de facto hallmark of zombie spam unless you can
point to something authoritative to the contrary.

The only other significant method that zombies use is to send via free
mail servers like yahoo and hotmail, so in that sense they are used as
relays.

"Fire and Forget" is a seldom-used phrase to describe spam. The very
nature of spam is "fire and forget", so using that phrase is actually
redundant.

> I notice that you have decided to cross post your reply to a
> number of newsgroups, quoting me, even though ...

I was trying to maintain thread-contact with the OP who made the
original choice to cross-post to about 8 groups.

The NNTP server I use doesn't allow cross-posting to more than 3
groups without adding a "follow-up:" group. So my replies have
included all of the original 8 groups. I haven't seen the OP respond
to any of these posts however.
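
An added example, not part of any post in this thread: a small offline model of the sender behaviours discussed above, run against a normal MX setup, a nolisting setup and a domain with no MX record. The domain names, zone data and strategy names are constructed for illustration; the fallback rule is the implicit-MX rule of RFC 5321 section 5.1.

```python
# Constructed zone data for three hypothetical domains (no real DNS is queried).
MX = {
    "normal.example":    [(10, "mx1.normal.example"), (20, "mx2.normal.example")],
    "nolisting.example": [(10, "dead.nolisting.example"), (20, "mx.nolisting.example")],
    "no-mx.example":     [],   # MX record removed, as in Spam Guy's first reply
}
# Hosts that have an A record and accept connections on TCP port 25.
LISTENING = {"mx1.normal.example", "mx2.normal.example",
             "mx.nolisting.example", "no-mx.example"}


def candidates(domain, strategy):
    """Return the hosts a sender would try, in order, for the given strategy."""
    records = sorted(MX.get(domain, []))          # lowest preference number first
    hosts = [host for _, host in records]
    if strategy == "compliant":
        # RFC 5321 section 5.1: with no MX records, treat the domain itself as
        # an implicit MX; otherwise walk every MX in preference order.
        return hosts or [domain]
    if strategy == "first_mx_only":               # one attempt, best-preference MX
        return hosts[:1]
    if strategy == "last_mx_only":                # one attempt, "backup" MX
        return hosts[-1:]
    raise ValueError(f"unknown strategy: {strategy}")


def delivers(domain, strategy):
    """Return the host that accepts the message, or None if delivery fails."""
    for host in candidates(domain, strategy):
        if host in LISTENING:
            return host
    return None


def matrix():
    """Delivery outcome for every (domain, strategy) pair."""
    strategies = ("compliant", "first_mx_only", "last_mx_only")
    return {(d, s): delivers(d, s) for d in MX for s in strategies}


if __name__ == "__main__":
    for (domain, strategy), host in matrix().items():
        print(f"{domain:18} {strategy:14} -> {host or 'NOT DELIVERED'}")
```

In this model the compliant sender is delivered in all three cases, a client that makes a single attempt at the backup MX still gets through nolisting, and neither single-attempt client reaches the domain with no MX record.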
