Spammer spoofing

[Peter Bishop]

In the past I had some emails without a "Subject:" line or content
I suspected these came from spamlist validators, who send out probe 
messages to check the "liveness" of the address, i.e.
 "no bounce" implies the address is a "live" spam target, 
while "bounce" indicates the target is now "dead".

After these probes my monthly spams grew rapidly
- rising from around 2000 to 3800 over a few months.

I reasoned that if the validators were sent a bounce message
there was a good chance I would be taken off the list.
So I inserted the following recipe into my procmail script.

# pretend user does not exist if looks like "probe"
:0H
* !^Subject:
{ EXITCODE=67 HOST }

Since that time, my spam level has fallen back to around 2000
per month, and has remained stable for the last 4 months
(maybe from spammers who don't bother to use validated lists)

Of course, this might just be coincidence, but it is good that the
ever increasing spam levels have stabilised (for the moment anyway)
-- 
Peter Bishop 
pgb at adelard.com
pgb at csr.city.ac.uk