[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Brad Jorsch anomie at users.sourceforge.net
Mon Jan 29 12:47:23 EST 2007


On Mon, Jan 29, 2007 at 11:23:50AM -0500, jonc wrote:
> Excellent point, but then we have a known Mailserver that is spewing
> fake-mail. You can either drop all mail from this server - or examine
> the digital key header for all email coming from this server and drop
> the fake ones.

We have that today, to 99.99% certainty anyway: anything on a reputable
DUL (e.g. not SORBS).

> If we run server-to-server traffic on a different protocol (also
> suggested earlier) we can actually leave the suspect mail on the suspect
> server and not download/accept the email until we have verified the
> authenticity of each email.
> 
> This leaves the spammer's server bunched up with his *own* spam... :-)

This really doesn't do much. The spammer stores 1 copy, a huge list of
addresses, and the PRNG seed for the message-mutator (or he hashes the
address and a per-message salt to get the seed and saves 4 bytes per
address). This is where any "make the spammer have to store every spam
he sends" anti-spam method breaks down.


