On Wednesday, May 27, 2009, 1:39:11 AM, Justin Mason wrote:
> Yes. It immediately exposes a backchannel from the spam to the spammer,
> thereby enabling a number of interesting security holes.
> --j.

Yes, it's impractical for some of the reasons Rob mentions, and it would also allow any of the following:

1. Listwashing
2. Mapping out of spam traps
3. Poisoning of spam traps
4. Confirming delivery of spams and email addresses

etc.

Jeff C.

> On Wed, May 27, 2009 at 05:25, Rob McEwen <r...@invaluement.com> wrote:
>> Jason Haar wrote:
>>> Why can't SURBL be expanded to support
>>> full URLs instead of just the hostname? That way you could blacklist
>>> "a.bad.domain" as well as "xttx://tinyurl . com/redirect-to-bad-domain"?
>>> Some form of BASE64 encoding would be needed of course, but why not?
>>
>> Because spammers could easily generate a unique URL for each individual
>> spam. They could then map this back to listings in URI blacklists and
>> use that as a very cheap and effective way to listwash. And they only
>> need to add a single asterisked hostname in their DNS server to
>> accomplish this. As a result of this and similar tactics, URI lists
>> would bloat exponentially and this would slow down the propagation of
>> the data to rsync users and to DNS mirrors, as well as bringing the
>> backend processing to its knees. Finally, there is some amount of
>> reputation and registration (even if hidden) associated with a domain
>> due to the fact that a domain *requires* ownership. URLs and subdomains
>> are more ambiguous, which then also makes removal requests an extremely
>> subjective and murky process.
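
The point made in this thread, as an added illustration that is not part of the original messages: a list keyed on the registered domain collapses every per-recipient URL of a campaign into one record, while a list keyed on the full URL needs one record per message, and each such record identifies a single recipient. The zone name `uribl.example`, the two-entry suffix set, the sample URLs and the use of a hash in place of Base64 are all assumptions made for the example.

```python
import hashlib
from urllib.parse import urlsplit

ZONE = "uribl.example"                     # assumption: placeholder zone, not a real list
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au"}   # assumption: tiny stand-in for the Public Suffix List

# Constructed sample: one campaign, one tracking token per recipient,
# carried in both a wildcard subdomain and the query string.
SAMPLE_URLS = [
    "http://u1001.bad-domain.example/offer?id=1001",
    "http://u1002.bad-domain.example/offer?id=1002",
    "http://u1003.bad-domain.example/offer?id=1003",
    "HTTP://U1004.Bad-Domain.EXAMPLE/offer?id=1004",
]

def registered_domain(url):
    """Reduce a URL to the domain that somebody had to register."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) <= 2:
        return host
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def domain_key(url):
    """Query name for a hostname-based list: one record per registered domain."""
    return f"{registered_domain(url)}.{ZONE}"

def full_url_key(url):
    """Query name for a full-URL list. A hash stands in for the Base64 idea,
    since DNS labels are case-insensitive and limited to 63 bytes."""
    return f"{hashlib.sha1(url.encode()).hexdigest()}.{ZONE}"

def key_counts(urls):
    """Return (distinct full-URL keys, distinct domain keys) for a batch."""
    return (len({full_url_key(u) for u in urls}),
            len({domain_key(u) for u in urls}))

if __name__ == "__main__":
    full, dom = key_counts(SAMPLE_URLS)
    print(f"full-URL keys: {full} (one record per message received)")
    print(f"domain keys:   {dom} -> {domain_key(SAMPLE_URLS[0])}")
```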