nanog mailing list archives
Re: Verisign changes violates RFC2821, and spam implications
From: Andy Smith <andy () strugglers net>
Date: Wed, 17 Sep 2003 11:07:28 +0100
On Wed, Sep 17, 2003 at 04:40:29AM -0500, Stewart, William C (Bill), RTSLS wrote:
It's even more fun with dictionary attacks, where the spammer targets aaaaaa () bogusdomain com through zzzzzzzzz () bogusdomain com - A DNS rejection would cause a direct attacker or (more likely) a relay attacker to give up quickly, and a 554 might do that also, while rejecting all 26**8 recipients one at a time is probably just the kind of behaviour that spamware is happy to talk to all day. Now all Verisign needs to add is a teergrube function to generate its responses very slowly after the first couple of them and they'll stay tied up for months, especially since many of them won't notice that bogusdomain1.com through bogusdomain32767.com are all going to the same IP address, since that's not uncommon virtual hosting behaviour.
I think it is hoping rather too much to expect spamware authors to be unable to modify their scripts to detect the verisign IP.
Current thread:
- Re: Verisign changes violates RFC2821, and spam implications Stewart, William C (Bill), RTSLS (Sep 17)
- Re: Verisign changes violates RFC2821, and spam implications Andy Smith (Sep 17)
- Re: Verisign changes violates RFC2821, and spam implications Stephen J. Wilcox (Sep 17)
- Re: Verisign changes violates RFC2821, and spam implications Bruce Campbell (Sep 17)