(note, I'm guessing at the appropriate mailing list for cross-post)

Dennis Davis wrote:
> http://code.google.com/p/anti-phishing-email-reply/
>
> is also useful as it attempts to detail the compromised accounts.
> Just block/quarantine email for those accounts.

Interesting ... this seems like it would be best served by DNS in a manner similar to URIBLs ... does such an "emailBL" exist?

A lookup for 8h...@osu.edu (pulled from the live list) on emailBL server "emailbl.org" could look like this:

  $ host 8help.AT.osu.edu.emailbl.org
  8help.AT.osu.edu.emailbl.org has address 127.0.0.1
  $ host -t txt 8help.AT.osu.edu.emailbl.org
  8help.AT.osu.edu.emailbl.org has descriptive text "20090310"
  $

This maps 127.0.0.1 to type A, .2 to type B, etc. Expirations, if even necessary given the fact that the DNS entries should be updated by the server, would be in the TXT records as illustrated above.

Since email addresses contain everything a valid domain can contain, the user.AT.domain.tld (which is really user.at.domain.tld since domains are not case-sensitive) could be ambiguous if the "user" or the "domain" contains ".at." in itself, or whatever workaround we create. My proposed workaround is ".real-at." and an incremented numeric suffix like ".real-at2." if needed. As to pluses, just snip them and their trailing data out.

  8h...@osu.edu -> 8help.at.osu.edu
  portal.ac.at....@live.com -> portal.ac.at.edu.real-at.live.com
  123+...@789.xyz -> 123.at.789.xyz
  abc.real-at....@ghi.jkl -> abc.real-at.def.real-at1.ghi.jkl
  mno.real-at5....@stu.vwx -> mno.real-at5.pqr.real-at6.stu.vwx
  y.real-at99...@a.at.real-at2.bc -> y.real-at4.z.real-at1000.a.at.real-at999.bc

This workaround should only find trouble when there are so many digits that the overflow creates an invalid email address, which isn't a realistic problem.

(Oh crap, is this a draft for an RFC?)
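
Added example, not part of the original post: one possible reading of the encoding proposed above, written in Python so the round trip can be checked. It assumes the separator is always the next marker after the highest one already present in the address (at, real-at, real-at1, ...), which keeps decoding unambiguous; function names and test addresses are constructed, and emailbl.org is the hypothetical zone from the post.

```python
import re

ZONE = "emailbl.org"  # hypothetical list zone named in the post
MARKER = re.compile(r"at|real-at(\d*)")

def rank(label):
    """at -> 0, real-at -> 1, real-atN -> N+1; -1 for ordinary labels."""
    m = MARKER.fullmatch(label)
    if not m:
        return -1
    return 0 if label == "at" else 1 + int(m.group(1) or 0)

def marker(r):
    return "at" if r == 0 else "real-at" if r == 1 else f"real-at{r - 1}"

def encode(address):
    """Address -> DNS name (assumed rule: separator outranks every label)."""
    # DNS is case-insensitive, so the whole address is lower-cased.
    local, _, domain = address.lower().rpartition("@")
    local = local.split("+", 1)[0]          # snip plus-tags, as the post says
    labels_l, labels_d = local.split("."), domain.split(".")
    if any(not 0 < len(l) <= 63 for l in labels_l + labels_d):
        raise ValueError("empty or over-long DNS label")  # also: no '@'
    sep = marker(max(rank(l) for l in labels_l + labels_d) + 1)
    return ".".join(labels_l + [sep] + labels_d)

def decode(name):
    """Inverse of encode(): split at the single highest-ranked marker."""
    labels = name.lower().split(".")
    ranks = [rank(l) for l in labels]
    top = max(ranks)
    if top < 0 or ranks.count(top) != 1:
        raise ValueError("missing or ambiguous separator")
    i = ranks.index(top)
    return ".".join(labels[:i]) + "@" + ".".join(labels[i + 1:])

def query_name(address, zone=ZONE):
    name = f"{encode(address)}.{zone}"
    if len(name) > 253:
        raise ValueError("query name exceeds DNS length limit")
    return name

def listing_type(a_record):
    """127.0.0.1 -> 'A', 127.0.0.2 -> 'B', ... as described in the post."""
    return chr(ord("A") + int(a_record.rsplit(".", 1)[1]) - 1)
```

A local part may be up to 64 characters long while a DNS label is limited to 63, so encode() rejects such addresses rather than emitting a name that cannot be queried.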