On Wednesday, September 27, 2006 10:58 AM -0500, Michael Marsh wrote: > On 9/27/06, Kamaraju Kusumanchi <[EMAIL PROTECTED]> wrote: > > If murphy is sending spamtraps, it deserves to be listed. period. > > Um, murphy sends confirmation email to any address registered > through the web interface. Even if you changed this to > email-to-subscribe without a web option, addresses can be spoofed. > This isn't about spam coming from murphy, it's about a denial of > service attack against it. > > I suppose another option is to have the confirmations handled by a > different host, though this still allows an attacker to DoS the > confirmation server through spamcop, so that people using spamcop > can no longer subscribe nor unsubscribe.
I agree with Michael: tricking a server that responsibly sends out confirmation messages into sending one to a spamtrap is about denial of service. I also agree with Kumaraju that sending mail to spamtraps should get anyone listed. If your server is not otherwise a spam source, and the DoS continues, you should expect to get the server whitelisted. However, it is your responsibility, and not the DNSBL maintainer, to make sure this happens. It's a rather nasty form of DoS, as it uses an organization that tries to fight network abuse to cause problems for the FLOSS community. Worst of all, the Debian listmasters have swallowed the bait. That's why it is important, whether people like SpamCop or not, to arrange to get murphy whitelisted. Complaining that SpamCop is cluelessly administered won't convince many to stop using SpamCop, yet will convince some that the Debian community has an attitude problem. Either way, the people perpetrating the DoS win, though it turns out differently if we cooperate with SpamCop. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
