[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Please confirm your message

Today, Stephen Zander <gibreel@debian.org> wrote:
>>>>>> "Jan" == Jan Niehusmann <jan@debian.org> writes:
>     Jan> Time will tell. I fear that some day, the only way to use
>     Jan> email productively is to block all email with invalid sender
>     Jan> adresses. And I don't know a way do valdiate a (not yet
>     Jan> known) address but to try it and send a reply.  If you
>     Jan> combine that with some autoresponders on both ends, no human
>     Jan> interaction would be needed, so annoyance should go down.
> The above is based on the false premise that those who send spam are
> incapable of sending it with (forged) real email addresses.  They
> already have lots of them to choose from.

Right. I just thought up a scheme to exploit this, based on the fake
source-IP address approach you find in descriptions of ping-floods.

a) Spammer finds an autoresponder
b) Spammer sends many mails with Reply-To: header chosen from a
   know-to-work address list
c) Reply-To:ed people receive the bounced mail and are annoyed.

So, ones selfishness (by using such spam "filtering" approaches) can be
used against the person running the filter. If the filter is configured
so that it doesn't send the Received: lines, it actually acts as a
pseudo-anonymysing relay.

Thus, my conclusion: These things are evil. Don't use them or somebody
might use them against you, eventually.

Andreas Fuchs, <asf@acm.org>, asf@jabber.at, antifuchs
Hail RMS! Hail Cthulhu! Hail Eris! All hail Discordia!

Attachment: pgpO1rbm5wUIG.pgp
Description: PGP signature

Reply to: