Re: test of non-subscribed user
Kjetil Kjernsmo <email@example.com> writes:
> (Aside: I do that by having a line <link rel="NeverEMail"
> href="mailto:firstname.lastname@example.org"> in many web pages, and that
> works excellently, this address is harvested and spammed, and when that
> happens, the intention is that subsequent mail is stopped. This markup
> may not work in the future, though, as more User Agents start to support
> the link element).
I've got a few traps like that on my web-pages; a user browsing the
rendered page will never see anything untoward, but a very stupid or a
malicious bot will add itself to a list of IP#s blocked in .htaccess dead
I've seen this linked to within a /30 of an email-spammer's IP# as well.
Boy was I chuffed :)
> This is why I think it may be spammers who actually do this, it is easy
> to see that spammers can drastically reduce the value of Razor by sending
> it large amounts of legitimate e-mail from the lists that Razor-users
> would normally use.
It's been a known phenomenon for a considerable number of months, in the
right circles. This is why advertising your trap addresses with the words
`razor' or `pit' or `dump' in them is a really *bad* idea.
> I hear that the new Razor has some trust-model, that may be able to
> address this.
It's not particularly new, either. Razor2, been out for a large number of
months, has had a trust-model for submitting in the name of a given UID, so
that the ID can be scored.
I'm not sure of the dynamics of this, but `Listed in Razor' sounds to me
like it's lacking refinement - "listed in razor by 10 mostly reliable
people" would be far more like it.
> Actually, I think we're in a arms-race with the spammers that requires
> the spam-tools to updated more frequently than the normal release-cycle
> would accomodate for, but that's another story.
Let's not lose sight of the small fact that the original problem is the use
of a mailing-list to propagate spam, and that when a spammer starts hitting
a list repeatedly, the responsible thing to do is block that cretin as
accurately as possible.
In such an instance, I would say that sending an accurately identified
subset of mailing-list traffic to Razor2 was very well justified.