After reading an article on Botnets (Botnets now account for 87.9 per cent of all spam sent as new senders are detected.) it got me thinking ... just how do Botnets really send spam. Do bots make use of open email relays like spammers used to do or do bots use another method to send spam to their victims? I've searched and can't find any details on how botnets send spam.

TIA

xXxKrisxXx,

I watched those vids on YouTube yesterday as well as the others from SecuManiaOrg regarding botnets and they are pretty good. But they don't explain exactly how spam is sent via a botnet. Google hasn't provided details either. I'm wondering if the command to bots to send spam have an open email relay address in the command instructions or some other method. But then I thought that you'd hope that open mail relays are blocked, or blacklisted etc..

Thing you're missing there, some providers are blocking port 25 access to their customers. Mine does. When I was using my home connection to test my work sever for an open relay (we were on an RBL), I couldn't connect to port 25 on the mail server for work.

From what I was told by my provider, AT&T, it's becoming more of a standard practice to block the SMTP traffic for the users. I was able to get mine unblocked because I have a static ip address for home. Otherwise they wouldn't unblock it. It would also make having a bot net with and SMTP server on the zombie a little more ineffective.

Ketchup,
the way it was explained to me, was users that required dhcp (Home Users for the most part since their business clients got statics) have port 25 blocked where it goes out of the uverse network. They also push the web based email model. They did say that their reason to do it was to cut down on bots on their network.

When I called, it wasn't a very friendly customer service call (since I'm paying extra for a static ip address).

I don't know what other ISPs are doing this, but AT&T said they were not the only one.

While 800 spam bots would still send out a lot of data, it's effectively killed 200, and if the practice spreads, it could kill more.

Found some info that explains more detail about bots sending spam:

Bot herders love to use the SOCKS proxy to spam. A bot master simply enables the SOCKS proxy on one of his bots, then redirects his SOCKS-compatible, mass emailing program to the IP address of that bot. This causes the email program to send email using that bot as a relay. If an anti-spam program blacklists the bot's IP address, the herder activates the SOCKS proxy on another bot, and his spam seems to originate from a new, clean IP address.

Furthermore, the bot herder can use a SOCKS proxy to anonymize just about any network traffic. And in Rxbot, for instance, activating the SOCKS proxy is simple: one six-letter command initiates all those anonymizing benefits.

Source: http://www.doraz.net/uni/sicurezza/2_IntroToToday%27sBotnetAttacks.htm