Security Incidents mailing list archives
Re: email address probes
From: Kee Hinckley <nazgul () somewhere com>
Date: Wed, 5 Feb 2003 21:01:26 -0500
At 8:54 PM +0000 2/5/03, Andy Bastien wrote:
which we don't want to block. I suppose that we could accept the emails and dump them to /dev/null (or to some tarpit account so that we can inspect them) instead of replying with a "550 User unknown," but I suspect that this could cause us more headaches in the future. Does anyone have any suggestions as to how we could handle this problem?
The only solution I know of is to tarpit the server based on number of bounces. The more it bounces, the more slowly you get around to handling responses from it. I don't know of any off-the-shelf solutions that to do that though. And furthermore, if you start doing it, they'll just start distributing the tests across different targets--so then you'll need a distributed tarpit database similar to the RBLs.
-- Kee Hinckley http://www.puremessaging.com/ Junk-Free Email Filtering http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- email address probes Andy Bastien (Feb 05)
- Re: email address probes Kee Hinckley (Feb 06)
- Re: email address probes Brad Arlt (Feb 06)
- Re: email address probes james (Feb 06)
- Re: email address probes Brad Arlt (Feb 07)
- Re: email address probes Greg A. Woods (Feb 06)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- RE: email address probes Rob Shein (Feb 07)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- Re: email address probes Dave Laird (Feb 06)
- Re: email address probes Ned Fleming (Feb 06)
- Re: email address probes Andy Bastien (Feb 07)
- <Possible follow-ups>
- RE: email address probes Johann Kruse (Feb 06)