On Thu, Jul 05, 2007 at 08:35:00AM -0700, Darrin Chandler wrote: > I thought about this a while back, and I found a weakness. Now, I > haven't seen this used, but it's trivially possible. Here's the deal: > > You publish spamtrap addresses, and of course you make them easily > recognizable as such so you don't trap real people. Spammers spend a > very small amount of effort and harvest spamtrap addresses *on purpose* > and use them as sender addresses (joe job). The result being, of course, > that you blacklist significant valid portions of the internet. Am I > wrong here?
That should significantly cut down on spam! I think spamtrap addresses only cause blacklisting when they're the recipient. Now, a DOS attack _could_ be to log into legitimate ISPs like Yahoo, Gmail, MSN, AOL, ... and flood your server with messages to your Spam Trap addresses. If you're not specifically whitelisting those addresses (with a no rdr rule or something), then you'll be blacklisting legitimate senders. I think there's too much work involved in doing that. But I've been wrong before. Correct me if I'm wrong (or don't get your scenario). -ME
