Re: test of non-subscribed user

To: debian-security@lists.debian.org
Subject: Re: test of non-subscribed user
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: Mon, 02 Dec 2002 18:08:01 +0000
Message-id: <86fztgfg5a.fsf@potato.vegetable.org.uk>
Reply-to: debian-reply@stirfried.vegetable.org.uk
In-reply-to: <200212021852.27174.kjetil@kjernsmo.net> (Kjetil Kjernsmo's message of "Mon, 2 Dec 2002 18:52:27 +0100")
References: <20021126163000.GO16937@morgul.net> <20021202171141.GC5985@incanus.net> <20021202172543.GC23847@magma.ca> <200212021852.27174.kjetil@kjernsmo.net>

Kjetil Kjernsmo <kjetil@kjernsmo.net> writes:

> (Aside: I do that by having a line <link rel="NeverEMail"
> href="mailto:james.w.smith@kjernsmo.net";> in many web pages, and that
> works excellently, this address is harvested and spammed, and when that
> happens, the intention is that subsequent mail is stopped. This markup
> may not work in the future, though, as more User Agents start to support
> the link element).

I've got a few traps like that on my web-pages; a user browsing the
rendered page will never see anything untoward, but a very stupid or a
malicious bot will add itself to a list of IP#s blocked in .htaccess dead
quickly.

I've seen this linked to within a /30 of an email-spammer's IP# as well.
Boy was I chuffed :)

> This is why I think it may be spammers who actually do this, it is easy
> to see that spammers can drastically reduce the value of Razor by sending
> it large amounts of legitimate e-mail from the lists that Razor-users
> would normally use.

It's been a known phenomenon for a considerable number of months, in the
right circles. This is why advertising your trap addresses with the words
`razor' or `pit' or `dump' in them is a really *bad* idea.

> I hear that the new Razor has some trust-model, that may be able to
> address this.

It's not particularly new, either. Razor2, been out for a large number of
months, has had a trust-model for submitting in the name of a given UID, so
that the ID can be scored.

I'm not sure of the dynamics of this, but `Listed in Razor' sounds to me
like it's lacking refinement - "listed in razor by 10 mostly reliable
people" would be far more like it.

> Actually, I think we're in a arms-race with the spammers that requires
> the spam-tools to updated more frequently than the normal release-cycle
> would accomodate for, but that's another story.

Let's not lose sight of the small fact that the original problem is the use
of a mailing-list to propagate spam, and that when a spammer starts hitting
a list repeatedly, the responsible thing to do is block that cretin as
accurately as possible.
In such an instance, I would say that sending an accurately identified
subset of mailing-list traffic to Razor2 was very well justified.

~Tim
-- 
<http://spodzone.org.uk/>

Reply to:

References:
- Re: test of non-subscribed user
  - From: Nathan E Norman <nnorman@incanus.net>
- Re: test of non-subscribed user
  - From: Raymond Wood <raywood@magma.ca>
- Re: test of non-subscribed user
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>

Prev by Date: Re: test of non-subscribed user
Next by Date: Re: test of non-subscribed user
Previous by thread: Re: test of non-subscribed user
Next by thread: Re: test of non-subscribed user
Index(es):
- Date
- Thread