ISC Diary: Spam Storm affecting Canada

Today’s SANS handler diary notes a spam storm is affecting the availability of mail servers at some companies in Canada.
It’s always amusing to note spammer mistakes in formulating the email addresses. In this case it looks like they are using $firstname$randomword$lastname. That’s not going to work very well. 🙂 The sheer volume is causing some issues, though.
The handler suggests that it is a best practice to reject email for bad addresses at your MTA, immediately after receiving a bad RCPT TO. I agree that will prevent a whole lot of unnecessary mail processing. I am concerned though that in the absence of additional software, this will assist the spammer with address harvesting. If the bad guy can determine that you only accept valid addresses, and you don’t have a mechanism to kill directory harvesting attempts, they’ll be able to brute force valid addresses. Companies like Postini (Google) and MessageLabs have this sort of feature. I don’t know about other MTAs.
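
One way to spot directory harvesting when rejecting at RCPT TO, as an added example that is not part of the original post or of any product named in it: count distinct unknown-recipient rejects per client inside a sliding window. The log lines are constructed and modelled on Postfix-style smtpd reject lines; the thresholds and the names `find_harvesters`, `_line`, `GUESSES` and `SAMPLE_LOG` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches a rejected RCPT TO for an unknown user (Postfix-style smtpd line).
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: "
    r"550 5\.1\.1 <(?P<rcpt>[^>]*)>")

def _line(ts, ip, rcpt):
    # Builds one constructed log line; host name and pid are made up.
    return (f"Mar 13 {ts} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in local recipient table")

# Constructed sample: one client guessing $firstname$randomword$lastname
# addresses, one client with two unrelated typos twenty minutes apart.
GUESSES = ["maryriverjones", "johnapplesmith", "annstonelee", "paulcloudroy",
           "suelamptremblay", "tomchairgagnon", "kimbridgewhite"]
SAMPLE_LOG = "\n".join(
    [_line(f"10:00:0{i + 1}", "203.0.113.9", f"{g}@example.com")
     for i, g in enumerate(GUESSES)]
    + [_line("10:00:03", "198.51.100.4", "slaes@example.com"),
       _line("10:20:00", "198.51.100.4", "suport@example.com")])

def find_harvesters(log_text, max_unknown=5, window=timedelta(minutes=1)):
    """Return {client_ip: peak distinct unknown recipients seen in one window}
    for every client that exceeded max_unknown (both thresholds are assumptions)."""
    recent = defaultdict(deque)   # client ip -> (time, recipient) inside window
    flagged = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; pin one so they can be compared.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["rcpt"].lower()))
        while ts - q[0][0] > window:   # drop rejects older than the window
            q.popleft()
        distinct = len({rcpt for _, rcpt in q})
        if distinct > max_unknown:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, count in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {count} unknown recipients within a minute, candidate for blocking")
```

Counting distinct recipients rather than raw rejects keeps a legitimate sender that retries one mistyped address from being flagged.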