The idiocy of the day: SMTP relay testing

[Note: The following was written before the incident recorded in ticket 119 happened]


Not only are spammers completely clueless; it gets scary when even big, legitimate sites seem to be exhibiting the same cluelessness.

Recently there has been a worrisome trend regarding the testing of insecure SMTP relays. Spammers probe servers by sending “MAIL FROM” and “RCPT TO” commands to the SMTP port, and, when the server replies “200 OK”, the spammer will happily try to send spam through the newly-found “insecure” server.

(Indeed, this host has seen numerous such probes recently, mostly from Korea and mainland China — and in fact even attempts to hijack the server to deliver spam. Considering that I don't have much bandwidth for such junk traffic, nor infinite disk space to log or hold such junk, all these probing and hijacking attempts could be deemed DoS attacks against this server; the wished-for relaying never happens, since this server does perform relay checks, though not interactively. Incidentally, the fact that relay checks are performed as batch jobs on this server is intentional: this places a deterministic load on the server, whereas interactive relay checks would give the server a nondeterministic load.)
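The probing and hijacking attempts described above leave a recognisable pattern in a mail server's logs: a session that names a recipient outside the server's own domains and then either quits without sending anything (a probe) or goes on to DATA (a relay attempt). The following is an added example, not code from the original post, that classifies sessions in that way. It assumes a constructed, simplified log format (`session=<id> <event> ...`, which is not the format of any real MTA), a `LOCAL_DOMAINS` set naming the domains the server accepts final delivery for, and RFC 5737 documentation addresses as the sample client IPs.

```python
import re
from collections import defaultdict

# Domains this server accepts final delivery for (assumption for the example).
LOCAL_DOMAINS = {"example.org"}

# Constructed log lines in a simplified "session=<id> <event> ..." format.
# This is not the log format of any real MTA. The sessions are:
#   a1: RCPT TO a foreign domain, then QUIT        (relay probe)
#   b2: RCPT TO a foreign domain, then DATA        (relay attempt)
#   c3: ordinary delivery to a local mailbox       (local delivery)
#   d4: RCPT TO the local postmaster, then QUIT    (address-verification callout)
SAMPLE_LOG = """\
session=a1 connect ip=203.0.113.5
session=a1 mail from=<x@probe.invalid>
session=a1 rcpt to=<victim@remote.invalid>
session=a1 quit
session=b2 connect ip=198.51.100.7
session=b2 mail from=<y@spam.invalid>
session=b2 rcpt to=<victim@remote.invalid>
session=b2 data size=4096
session=b2 quit
session=c3 connect ip=192.0.2.9
session=c3 mail from=<friend@somewhere.invalid>
session=c3 rcpt to=<alice@example.org>
session=c3 data size=812
session=c3 quit
session=d4 connect ip=192.0.2.44
session=d4 mail from=<>
session=d4 rcpt to=<postmaster@example.org>
session=d4 quit
"""

LINE_RE = re.compile(
    r"^session=(?P<sid>\S+) (?P<event>connect|mail|rcpt|data|quit)(?: (?P<rest>.*))?$")
ADDR_RE = re.compile(r"<([^>]*)>")


def parse_sessions(log_text):
    """Group log lines by session id and record the facts we classify on."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines we do not understand
        s = sessions.setdefault(m.group("sid"), {"ip": None, "rcpts": [], "data": False})
        event, rest = m.group("event"), m.group("rest") or ""
        if event == "connect" and "ip=" in rest:
            s["ip"] = rest.split("ip=", 1)[1].split()[0]
        elif event == "rcpt":
            a = ADDR_RE.search(rest)
            if a:
                s["rcpts"].append(a.group(1))
        elif event == "data":
            s["data"] = True
    return sessions


def classify_session(s):
    """Heuristic label for one session; 'foreign' means a recipient we do not host."""
    if not s["rcpts"]:
        return "no-transaction"
    foreign = [r for r in s["rcpts"] if r.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS]
    if foreign:
        return "relay-attempt" if s["data"] else "relay-probe"
    if not s["data"]:
        return "address-callout"  # RCPT TO a local address, then QUIT without DATA
    return "local-delivery"


def summarize(log_text):
    """Count session classes per client IP."""
    counts = defaultdict(lambda: defaultdict(int))
    for s in parse_sessions(log_text).values():
        counts[s["ip"]][classify_session(s)] += 1
    return {ip: dict(c) for ip, c in counts.items()}


if __name__ == "__main__":
    for ip, c in summarize(SAMPLE_LOG).items():
        print(ip, c)
```

The labels are heuristics, not verdicts: a legitimate client that disconnects after RCPT TO looks the same as a callout, so the per-IP counts are meant to feed a batch review (as the post does with its relay checks) rather than an interactive block.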

The operators of clueful anti-spam sites, like ORDB, know that such simplistic interactive probing is groundless, since acceptance of “RCPT TO” does not imply actual acceptance of the message — the message might be rejected later — so clueful probes (such as those performed by ORDB) test for actual delivery, not just acceptance, of the probe message.

One might argue that the spammers' clueless behaviour is to be expected, since spammers are clueless about how email works, as evidenced by their “harvesting” of message identifiers (Message-IDs), truncated email addresses, and other such things that are not email addresses. And the fact that a significant number of spams contain syntax errors in the message headers also says a lot about just how clueless spammers are.

Yet this is in fact a worrisome thing, as even legitimate and supposedly clueful sites, such as SourceForge or even the Free Software Foundation, do this kind of “checking” just like the clueless spammers. When someone posts to a SourceForge-hosted mailing list, the SourceForge server will probe the sender domain's server using RCPT TO, in a (misguided) attempt to check whether the sender exists and whether there is a postmaster account; the same happens when someone posts to an FSF-hosted mailing list. As is evident to anyone who has used the Internet for more than a decade, this kind of checking is certainly based on faulty thinking; it shows a lack of understanding of the “messaging model”, i.e., a lack of understanding of how email actually works.
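The fallacy shared by the relay probes above and by the SourceForge/FSF sender callouts is the same: a 250 reply to RCPT TO (SMTP's success code is 250, not 200) only means the envelope recipient was accepted for the moment; the server is free to reject the message at end-of-data, or to discard it from the queue later, so neither "open relay" nor "this address exists" follows from it. The following is an added example, not code from the original post and not a real MTA, that makes this concrete with an in-memory toy server: `ToyMTA`, `LOCAL_DOMAINS`, the session scripts and the `naive_probe_verdict` function are all constructed for the example. The server accepts every RCPT TO and enforces its relay policy only when the message is finally submitted, which is exactly the behaviour that makes an interactive RCPT TO probe meaningless.

```python
import re

# Domains this toy server accepts final delivery for (assumption for the example).
LOCAL_DOMAINS = {"example.org"}
ADDR_RE = re.compile(r"<([^>]*)>")


class ToyMTA:
    """Minimal in-memory SMTP responder (constructed; not a real MTA).

    RCPT TO is always answered with 250; the relay decision is deferred to
    end-of-data, as on servers that check relaying late or in a batch job."""

    def __init__(self):
        self.queue = []  # messages actually accepted for delivery
        self._reset_transaction()

    def _reset_transaction(self):
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.body = []

    def command(self, line):
        """Process one client line; return the server reply (None inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                return self._end_of_data()
            self.body.append(line)
            return None
        verb = line.split(" ", 1)[0].upper()
        addr = ADDR_RE.search(line)
        if verb == "HELO":
            return "250 example.org"
        if verb == "MAIL":
            self.sender = addr.group(1) if addr else ""
            return "250 OK"
        if verb == "RCPT":
            if not addr:
                return "501 syntax error"
            self.rcpts.append(addr.group(1))
            return "250 OK"  # accepted for now; nothing has been delivered
        if verb == "DATA":
            if not self.rcpts:
                return "503 need RCPT first"
            self.in_data = True
            return "354 end data with ."
        if verb == "QUIT":
            self._reset_transaction()
            return "221 bye"
        return "500 unknown command"

    def _end_of_data(self):
        """The relay policy is applied here, after the whole message arrived."""
        foreign = [r for r in self.rcpts
                   if r.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS]
        if foreign:
            self._reset_transaction()
            return "550 relaying denied"
        self.queue.append((self.sender, list(self.rcpts), "\n".join(self.body)))
        self._reset_transaction()
        return "250 queued"


def run_session(mta, client_lines):
    """Feed client lines to the server; return (client line, reply) pairs."""
    return [(line, mta.command(line)) for line in client_lines]


def naive_probe_verdict(transcript):
    """The flawed inference the post describes: '250 to RCPT TO, so it relays'."""
    return any(c.upper().startswith("RCPT") and r is not None and r.startswith("250")
               for c, r in transcript)


# Constructed sessions. PROBE is the RCPT-TO-then-QUIT pattern; the other two
# submit a full message, to a foreign and to a local recipient respectively.
PROBE = ["HELO probe.invalid", "MAIL FROM:<p@probe.invalid>",
         "RCPT TO:<victim@remote.invalid>", "QUIT"]
RELAY_MESSAGE = ["HELO spam.invalid", "MAIL FROM:<s@spam.invalid>",
                 "RCPT TO:<victim@remote.invalid>", "DATA",
                 "Subject: hello", "", "body", "."]
LOCAL_MESSAGE = ["HELO friend.invalid", "MAIL FROM:<f@friend.invalid>",
                 "RCPT TO:<postmaster@example.org>", "DATA",
                 "Subject: hello", "", "body", "."]

if __name__ == "__main__":
    mta = ToyMTA()
    print("naive probe says open relay:", naive_probe_verdict(run_session(mta, PROBE)))
    print("relay submission ended with:", run_session(mta, RELAY_MESSAGE)[-1][1])
    print("local submission ended with:", run_session(mta, LOCAL_MESSAGE)[-1][1])
    print("messages actually queued:", len(mta.queue))
```

Running it shows the naive probe concluding "open relay" while the relay submission is refused with 550 and nothing is queued; only the message to a local recipient is ever accepted. The same gap applies to the sender callouts: a 250 to `RCPT TO:<postmaster@example.org>` says nothing about whether mail to that address would be delivered.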

Do the big sites do such checks only because they mostly work? Alas, doing such things does more damage than is obvious: most people already do not know anything about non-SMTP email (not that they really know much about SMTP either); when the big sites do such things, people's misconception that SMTP is the only valid form of email is reinforced, resulting in follies such as proposals to replace SMTP with a new protocol where email is never actually sent!