[62272] in North American Network Operators' Group
Re: Verisign changes violates RFC2821, and spam implications
daemon@ATHENA.MIT.EDU (Andy Smith)
Wed Sep 17 06:08:10 2003
Date: Wed, 17 Sep 2003 11:07:28 +0100
From: Andy Smith <andy@strugglers.net>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <5AFA5A2C102DAB4692ABC1E87E0780CA05315997@OCCLUST02EVS1.ugd.att.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, Sep 17, 2003 at 04:40:29AM -0500, Stewart, William C (Bill), RTSLS wrote:
> It's even more fun with dictionary attacks, where the spammer targets aaaaaa@bogusdomain.com
> through zzzzzzzzz@bogusdomain.com - A DNS rejection would cause a direct attacker
> or (more likely) a relay attacker to give up quickly, and a 554 might do that also,
> while rejecting all 26**8 recipients one at a time is probably just the kind of behaviour
> that spamware is happy to talk to all day. Now all Verisign needs to add is a teergrube function
> to generate its responses very slowly after the first couple of them and they'll stay tied up for months,
> especially since many of them won't notice that bogusdomain1.com through bogusdomain32767.com
> are all going to the same IP address, since that's not uncommon virtual hosting behaviour.

I think it is hoping rather too much to expect spamware authors to
be unable to modify their scripts to detect the Verisign IP.