On Wednesday, May 27, 2009, 1:39:11 AM, Justin Mason wrote:
> Yes, it immediately exposes a backchannel from the spam to the spammer,
> thereby enabling a number of interesting security holes.

> --j.

Yes, it's impractical for some of the reasons Rob mentions, and
it would also allow any of the following:

1.  Listwashing
2.  Mapping out of spam traps
3.  Poisoning of spam traps
4.  Confirming delivery of spams and email addresses
etc.

Jeff C.

> On Wed, May 27, 2009 at 05:25, Rob McEwen <r...@invaluement.com> wrote:
>> Jason Haar wrote:
>>> Why can't SURBL be expanded to support
>>> full URLs instead of just the hostname? That way you could blacklist
>>> "a.bad.domain" as well as "xttx://tinyurl . com/redirect-to-bad-domain"?
>>> Some form of BASE64 encoding would be needed of course, but why not?
>>
>> Because spammers could easily generate a unique URL for each individual
>> spam. They could then map this back to listings in URI blacklists and
>> use that as a very cheap and effective way to listwash. And they only
>> need to add a single asterisked hostname in their DNS server to
>> accomplish this. As a result of this and similar tactics, URI lists
>> would bloat exponentially and this would slow down the propagation of
>> the data to rsync users and to DNS mirrors, as well as bringing the
>> backend processing to its knees. Finally, there is some amount of
>> reputation and registration (even if hidden) associated with a domain
>> due to the fact that a domain *requires* ownership. URLs and subdomains
>> are more ambiguous, which then also makes removal requests an extremely
>> subjective and murky process.
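
Added example, not part of the thread or of SURBL's code: a sketch of why a list keyed on the registered domain stays at one entry no matter how many per-message hostnames and paths appear under it. The suffix set, function names and sample URLs are constructed assumptions; a real deployment would use a maintained public-suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny set of two-level public suffixes (assumption).
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}


def lookup_key(url):
    """Reduce a URL to the registered domain a domain-keyed list would store."""
    host = urlsplit(url).hostname
    if not host:
        return None  # no scheme/authority, nothing to look up
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host  # IP literal: there is no domain to reduce
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < keep:
        return None  # bare suffix or single label, not a registered domain
    # Path, query and every label left of the registered domain are dropped,
    # so per-message variation in those parts never reaches the list.
    return ".".join(labels[-keep:])


def distinct_keys(urls):
    """Set of list keys needed to cover every URL in `urls`."""
    keys = {lookup_key(u) for u in urls}
    keys.discard(None)
    return keys


# Constructed sample: 1000 unique hostnames and paths under one domain
# (as a wildcard DNS record would allow), plus 5 under a two-level suffix.
SAMPLE_URLS = [f"http://r{n:04d}.bad-domain.example/offer?id={n}" for n in range(1000)]
SAMPLE_URLS += [f"http://t{n}.shop.example.co.uk/" for n in range(5)]

if __name__ == "__main__":
    print(len(set(SAMPLE_URLS)), "distinct URLs ->", sorted(distinct_keys(SAMPLE_URLS)))
```

A full-URL list would need one entry per distinct URL in the sample; the domain-keyed form needs two.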

