LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Scott Fendley <[log in to unmask]>
Thu, 28 Jul 2005 14:35:32 -0500
That is all well and good, but does that not make it vastly easier to 
identify the userids on your system? In turn you can use that vastly 
smaller list of userids to attempt to brute force passwords on the 
mail server, and potentially use it as recon for other nefarious endeavors.

In the world of mailing lists, it is quite common (due to spam) to 
have edited or moderated lists.  Having lists of this manner will 
cause a fundamental problem in the logic of spamcop's spamtrap 
functionality.  By default, these lists have a series of steps that 
allow the listowner to handle the mail with appropriate human 
analysis and as such will cause you to accept the email prior to 
reject/discard actions.

Say an email with one of the spamtrap addresses in the from field goes 
to a mailing list that is edited/moderated.  An email is sent to the 
list-owner/moderators to either approve, disapprove, or discard the 
email (depending on the mailing list server in use).  Additionally, 
an email is sent to the from address  as well to note that the list 
is moderated and that the email has been forwarded to the appropriate 
parties for approval.   At this point, we have already failed to 
reject it quickly enough for Spamcop's tastes. In their mind, we have 
accepted the original SMTP transaction, and have 
replied/bounced/acknowledged the email.  So,  spamcop can (and 
probably does) blackhole sites that are doing things as the normal 
course of business of these lists.

Should you just configure moderated mailing lists in a way that they 
do not receive feedback that the mail had been received and the post 
is delayed due to the moderation?  That could cause more confusion 
than what it is worth.

The idea of such spamtrap addresses being used for research and 
analysis is great, just in the same way that honeypots are a great 
tool.   But they do not lend enough untainted data that should be 
used in the "judge and jury" decisions that spamcop is creating.  If 
email reaches an address, they have already prejudged you to be 
guilty of something and sentence you to blacklists.

My university recently ended up in the same blacklist and 
they basically said that we must re-configure our lists to not be so 
nice at automatically responding to emails.

--Scott

At 11:54 AM 7/28/2005, Mark R. Williamson wrote:
>At 16:07 +0200 2005-07-28, Eric Thomas wrote:
>>When an innocent site receives mail to an address that does not exist, it is
>>required by Internet standards to bounce it. Strike one.
>
>Rejecting it during the SMTP transaction is an acceptable (some would
>say vastly preferable) alternative.
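
Added example, not part of the original post and not LISTSERV's own logic: one way a moderated list could decide whether to send the "held for moderation" acknowledgement, so that forged senders such as spamtrap addresses get no automatic reply. The function name, the subscriber-only policy and all addresses are assumptions; the header checks follow RFC 3834.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: placeholder subscriber list, not from the post.
SUBSCRIBERS = {"alice@example.edu"}

def should_acknowledge(raw, envelope_sender, subscribers=SUBSCRIBERS):
    """Return (send_ack, reason) for a post that is held for moderation."""
    msg = message_from_string(raw)
    # A null envelope sender (MAIL FROM:<>) marks a bounce or DSN: never reply.
    if envelope_sender.strip() in ("", "<>"):
        return False, "null envelope sender"
    # RFC 3834: do not answer mail that is itself an automatic message.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "junk", "list"}:
        return False, "bulk precedence"
    # Assumed policy: the header From is trivially forged, so acknowledge
    # only addresses already subscribed; others are held silently.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr not in subscribers:
        return False, "not a subscriber"
    return True, "known subscriber"

# Constructed messages: (raw headers + body, SMTP envelope sender).
SAMPLES = {
    "subscriber": ("From: Alice <alice@example.edu>\nSubject: hi\n\nhello",
                   "alice@example.edu"),
    "forged_trap": ("From: trap@spamtrap.example\nSubject: buy\n\nspam",
                    "bounce@bulk.example"),
    "vacation": ("From: alice@example.edu\nAuto-Submitted: auto-replied\n\nOOO",
                 "alice@example.edu"),
    "dsn": ("From: MAILER-DAEMON@mx.example\nSubject: failure\n\nbounce", "<>"),
}

def demo():
    """Evaluate every constructed sample and return {name: (send_ack, reason)}."""
    return {name: should_acknowledge(raw, env) for name, (raw, env) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Non-subscriber posts still reach the moderators under this policy; only the automatic reply to the From address is suppressed.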
