
I always wondered the following: how do infected computers send emails? I read all the stories of large botnets sending 1-2 billion emails a day. When I use the SMTP server of my ISP and I try to send my newsletter to fewer than 100 people, my ISP's SMTP server blocks it. I tried this via multiple friends (all with different ISPs) and it was all the same. But how can these botnets produce such a large volume of email when I can't even send 100?

Thanks in advance, Jori.

Jori
  • I don't know how they abuse the system, but a botnet is more than one computer in many different locations. So they are not in the same situation as you trying to send out your newsletter. – Amicable Jun 27 '12 at 09:07

2 Answers


They are not trying to abuse the system; they only send a small amount of mail. But if you have (just an unrealistic example) 10k computers infected, each sending 25 mails every hour, you end up with 10k * 25 * 24 = 6 000 000 mails/day.

After that, you just have to scale those 3 numbers and you can have a massive spam bot. You can take a look at this article on Wikipedia for examples of sizes and capacities.

Mualig

I'm not sure, but I could imagine the zombies don't (only) use the SMTP server your ISP provides but directly connect to the recipients' SMTP server or some other (open) SMTP relay. So connecting to 100 servers simultaneously, sending 10 mails each, results in 1000 mails sent (from one zombie).

Even if such mails are often blocked (e.g. by greylisting, blocking dynamic IPs or some other technique), some are probably not. It does not cost the botnet's operator anything to simply try it: if the mail is delivered, that's good (for the botnet's operator); if not, that's no problem.

siegi
  • Open SMTP relays are extremely rare and if they exist most of them are blacklisted as you mentioned. Also many ISPs block access to port 25 if it is sent to a domain that is not theirs. – Jori Feb 02 '13 at 13:40
  • Well, you are probably right, but at least connecting to the recipients' SMTP should work (unless some other mechanism blocks it, as noted above). So my answer is still valid, if the zombies connect to these servers. So they could send 10 mails to 100 different domains simultaneously :-P – siegi Feb 02 '13 at 18:42
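The pattern siegi describes (one host opening SMTP sessions to many different recipient servers, instead of one session to the ISP's relay) is also what a network defender can look for in egress flow logs. This is an added example, not code from the original thread; the flow-log format, the sample lines and the fan-out threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample egress flow log (assumed format, not from the thread):
# "<time> src=<ip> dst=<ip> dport=<port> proto=tcp"
# 10.0.0.5 fans out directly to five different mail servers on port 25,
# 10.0.0.9 only talks to one relay, 10.0.0.12 is ordinary HTTPS traffic.
SAMPLE_FLOWS = """\
12:00:01 src=10.0.0.5 dst=198.51.100.10 dport=25 proto=tcp
12:00:01 src=10.0.0.5 dst=198.51.100.11 dport=25 proto=tcp
12:00:02 src=10.0.0.5 dst=203.0.113.7 dport=25 proto=tcp
12:00:02 src=10.0.0.5 dst=203.0.113.8 dport=25 proto=tcp
12:00:03 src=10.0.0.5 dst=192.0.2.44 dport=25 proto=tcp
12:00:03 src=10.0.0.9 dst=192.0.2.1 dport=25 proto=tcp
12:00:04 src=10.0.0.9 dst=192.0.2.1 dport=25 proto=tcp
12:00:05 src=10.0.0.12 dst=198.51.100.10 dport=443 proto=tcp
"""

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def smtp_fanout(log_text, allowed_senders=frozenset()):
    """Count distinct port-25 destinations per internal source host.
    Hosts in allowed_senders (the site's legitimate outbound mail relays,
    which are expected to contact many MX servers) are skipped."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # unparsable line: ignore rather than crash
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if dport != 25 or src in allowed_senders:
            continue
        fanout[src].add(dst)
    return {src: len(dsts) for src, dsts in fanout.items()}


def suspected_spam_zombies(log_text, threshold=3, allowed_senders=frozenset()):
    """Return hosts that opened SMTP sessions to more than `threshold`
    distinct destinations. A normal workstation talks to exactly one relay
    (or none at all if the ISP blocks outbound port 25), so a wide fan-out
    from a non-relay host is worth investigating."""
    counts = smtp_fanout(log_text, allowed_senders)
    return sorted(src for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print(suspected_spam_zombies(SAMPLE_FLOWS))  # ['10.0.0.5']
```

Feeding the same check real NetFlow or firewall logs, with the true mail relays in `allowed_senders`, turns the "connect to 100 servers simultaneously" behaviour into a simple per-host egress alert.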