01-01-2008
Spam Guy
 
Re: testing "nolisting" -- please help

Landmark wrote:

> >"fire and forget" spam? When did you invent that term?


> "Zombie spam" is spam which originates from a zombied PC, or a
> PC which is part of a botnet. It says nothing about the method
> which the zombie is using to deliver the spam.


Are there more than these two methods - either a stripped-down SMTP
engine with no error-handling capacity, or a full SMTP engine with
complete error-handling capacity?

Most zombies are stripped-down SMTP engines that naturally perform
direct-to-MX. I know that most are stripped-down because most of my
spam stopped immediately when my MX record was nuked, and also because
greylisting (and apparently "nolisting") have emerged as anti-spam
techniques.

If there are zombies that are somehow configured to send via a valid
MTA, then there isn't much written about them.

There is no doubt that some zombies know how to handle MX-lookup
failures since I am receiving some of that - most notably from "Health
Nation SE".

There was a lot of speculation a few years ago that the next big wave
of spam would come from zombies using their own ISP's output MTAs,
but I don't think I've ever seen a single example of that.

> Direct to MX is not confined to zombies. There are PC desktop
> packages which implement direct to MX.


Can you point to any stats or anything published that even mentions
the prevalence of the use of such packages?

Direct to MX remains a de facto hallmark of zombie spam unless you can
point to something authoritative to the contrary.

The only other significant method that zombies use is to send via free
mail servers like yahoo and hotmail, so in that sense they are used as
relays.

"Fire and Forget" is a seldom-used phrase to describe spam. The very
nature of spam is "fire and forget", so using that phrase is actually
redundant.

> I notice that you have decided to cross post your reply to a
> number of newsgroups, quoting me, even though ...


I was trying to maintain thread-contact with the OP who made the
original choice to cross-post to about 8 groups.

The NNTP server I use doesn't allow cross-posting to more than 3
groups without adding a "follow-up:" group. So my replies have
included all of the original 8 groups. I haven't seen the OP respond
to any of these posts however.