
Re: [anti-spam-wg@localhost] Anti-spam WG draft minutes RIPE 46

  • To: "'RIPE anti-spam WG '" < >
  • From: "pna.lists" < >
  • Date: Sat, 6 Sep 2003 22:02:33 +0200

> http://www.cluecentral.net/ripe46/
> For the research a few addresses created specially for the
> experiment in a new domain were planted in various places. The
(...)
> For comparison, a study by the Centre for Democracy and Technology
> recorded how long it took for mail addresses to _stop_ being used.
> On the whole, surprisingly quickly.
> http://www.cdt.org/speech/spam/030319spamreport.shtml

Both reports are useful and interesting. Has anybody tried posting something
like the following scripts on a frequently visited website?
http://www.spywareinfo.com/harvest_project/join.php

http://www.kungfugrippe.com/previously/002462.php
(generates spambot baits like
Remote.IP.Add.ress_YYMMDDHHMMSS@localhost, so you can see where
the e-mail address harvester came from).


> I can't imagine any reason why someone would need to have a backup MX
> these days. It was most useful years back when leased lines were
> expensive and congested and the goal was to bring the mail at least closer
> to the destination and to cheaper and faster lines. It was also helpful
> to help mailservers meet that were behind flaky lines and the
> probability to have both of them up at the same time was low.
> Today, if a mailserver is down, you either have a standby system to
> take over or you have a load balancer and a cluster. In neither case you
> need backup MX servers.

Why do something complicated when you can do something simple? And don't
forget about mailservers which cannot be prevented from being open relays
(or whose administrators or suppliers aren't willing to fix it). You can
just block any incoming SMTP traffic to that host from the whole world except
the secondary MX servers. The hole is closed and the mailserver is even
protected against this type of attack:
http://www.securityfocus.com/archive/1/209116
(Lotus Domino DoS reported on Aug 20th, 2001 at BugTraq; I don't advocate
running vulnerable machines, but these situations happen frequently when you
are an ISP...)


Regards,
Petr Nachtmann
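
The bait-address format mentioned in this message (Remote.IP.Add.ress_YYMMDDHHMMSS), shown as an added example that is not part of the original post or of the linked scripts: it builds the address for a page visitor and later decodes spam recipients back to the harvesting IP and the delay before first use. The domain `bait.example`, the function names, the IPv4-only restriction and the use of UTC timestamps are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

BAIT_DOMAIN = "bait.example"  # assumption: placeholder domain used only for bait

_BAIT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})_(\d{12})@(.+)$")


def make_bait(remote_ip, when=None):
    """Build the bait address to embed in the page served to remote_ip."""
    ip = ipaddress.ip_address(remote_ip)  # raises ValueError on junk input
    if ip.version != 4:
        raise ValueError("the format in the post is dotted IPv4 only")
    when = when or datetime.now(timezone.utc)
    return f"{ip}_{when.astimezone(timezone.utc):%y%m%d%H%M%S}@{BAIT_DOMAIN}"


def decode_bait(rcpt):
    """Recover (harvester IP, harvest time) from a recipient address, or None."""
    m = _BAIT_RE.match(rcpt.strip().strip("<>").lower())
    if not m or m.group(3) != BAIT_DOMAIN:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
        ts = datetime.strptime(m.group(2), "%y%m%d%H%M%S")
    except ValueError:  # octet > 255 or impossible date: not one of ours
        return None
    return str(ip), ts.replace(tzinfo=timezone.utc)


def harvest_report(deliveries):
    """deliveries: (recipient, received_time) pairs taken from the mail log.

    Returns (harvester_ip, harvested_at, lag_until_spam) per bait hit;
    recipients that are not well-formed bait addresses are skipped.
    """
    report = []
    for rcpt, received in deliveries:
        decoded = decode_bait(rcpt)
        if decoded:
            ip, harvested = decoded
            report.append((ip, harvested, received - harvested))
    return report
```
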



