[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: test of non-subscribed user

Kjetil Kjernsmo <kjetil@kjernsmo.net> writes:

> (Aside: I do that by having a line <link rel="NeverEMail"
> href="mailto:james.w.smith@kjernsmo.net";> in many web pages, and that
> works excellently, this address is harvested and spammed, and when that
> happens, the intention is that subsequent mail is stopped. This markup
> may not work in the future, though, as more User Agents start to support
> the link element).

I've got a few traps like that on my web-pages; a user browsing the
rendered page will never see anything untoward, but a very stupid or a
malicious bot will add itself to a list of IP#s blocked in .htaccess dead

I've seen this linked to within a /30 of an email-spammer's IP# as well.
Boy was I chuffed :)

> This is why I think it may be spammers who actually do this, it is easy
> to see that spammers can drastically reduce the value of Razor by sending
> it large amounts of legitimate e-mail from the lists that Razor-users
> would normally use.

It's been a known phenomenon for a considerable number of months, in the
right circles. This is why advertising your trap addresses with the words
`razor' or `pit' or `dump' in them is a really *bad* idea.

> I hear that the new Razor has some trust-model, that may be able to
> address this.

It's not particularly new, either. Razor2, been out for a large number of
months, has had a trust-model for submitting in the name of a given UID, so
that the ID can be scored.

I'm not sure of the dynamics of this, but `Listed in Razor' sounds to me
like it's lacking refinement - "listed in razor by 10 mostly reliable
people" would be far more like it.

> Actually, I think we're in a arms-race with the spammers that requires
> the spam-tools to updated more frequently than the normal release-cycle
> would accomodate for, but that's another story.

Let's not lose sight of the small fact that the original problem is the use
of a mailing-list to propagate spam, and that when a spammer starts hitting
a list repeatedly, the responsible thing to do is block that cretin as
accurately as possible.
In such an instance, I would say that sending an accurately identified
subset of mailing-list traffic to Razor2 was very well justified.


Reply to: