[70563] in North American Network Operators' Group
Re: backscatter hosts
daemon@ATHENA.MIT.EDU (John Capo)
Wed May 19 12:19:46 2004
Date: Wed, 19 May 2004 12:18:56 -0400
From: John Capo <jc@irbs.com>
To: nanog@merit.edu
Reply-To: jc@irbs.com
In-Reply-To: <20040518233142.GJ26942@hesketh.com>
Errors-To: owner-nanog-outgoing@merit.edu
Quoting Steven Champeon (schampeo@hesketh.com):
>
> It's not really my business why a hotmail.com MX accepted mail it
> couldn't deliver. I could care less /why/. It's up to hotmail to fix
> their systems - I don't care how they perform that background check on
> quota.
Exactly.
>
> It's my business that over the past sixty days, we've had to reject over
> 23K of these, and had rejected some 130K in three weeks during March, at
> the peak of the joe job. At one point, backscatter accounted for 70% of
> my inbound email traffic on one host. Almost made the usual spam and
> virus look like background noise.
>
36K backscatter rejects from hotmail yesterday but only 2K from
AOL. AOL has really got their act together compared to hotmail,
verizon, comcast, and the like.
May 18 00:00:05 mx1 postfix/smtpd[11977]: 6F8F315DC0: reject: RCPT from mc1-s21.bay6.hotmail.com[65.54.163.161]: 550 <xjlljuzisexmj@tuffmail.co.uk>: Recipient address rejected: User unknown; Probably forged by Alan Ralsky; from=<> to=<xjlljuzisexmj@tuffmail.co.uk> proto=ESMTP helo=<mc1-s21.hotmail.com>
It was 80K daily from hotmail till I dropped the MX records for 4
of the domains being forged. If anyone would like to test their
capability to reject 1+ million a day I can point the MX records
to your servers. :-)
John Capo
Tuffmail.com
