Re: Using Dilution to Fight Phishers

snipped-for-privacy@aracnet.com wrote:

>>> [TELECOM Digest Editor's Note: Yes, but just imagine, if every
>>> legitimate netizen out there would make the effort to add five or
>>> ten minutes of extra work to the load of their favorite spammer.

>> Then you end up with a distributed denial of service attack on the
>> mail servers of the world.

> What if mail server operators set up their systems to firewall IP
> addresses which attempt to send to over a certain percentage of
> invalid addresses?

There are hundreds of thousands, if not millions, of infected home systems trying to deliver spam. I used to examine my mail logs to look for patterns, but there are very few duplicate IP addresses. And even if one system did try to deliver enough to trigger such a filter it would quickly be replaced by another. Eventually you would be blocking huge portions of the 'net, one IP address at a time. You could get more sophisticated, and maintain a database and try to consolidate by netblocks, but the end result is that you'll probably just block most of the Internet.

> What if more mail-ops require valid reverse DNS as a condition of
> accepting mail sessions? This would screen out most of the bot-nets.

And a significant number of legitimate sites, too. :-/ I personally use that approach. I don't accept email from sites without valid rDNS unless they've been explicitly whitelisted. There have been some important emails blocked because of it, but I say, "too bad." I've tried to inform the site admins, but they usually ignore me. One company has multiple mail servers, and some of them have valid rDNS while others don't. So random emails from them bounce.

> And "wpoison" which was the first well-known harvester-polluting web
> script always used invalid first-level domains to avoid the DDoS
> problem.

Unfortunately, as the namespace becomes more crowded it becomes more likely that previously invalid names will become valid ones. You could, of course, make them obviously invalid, but if they're obvious then they're easy for the harvesters to filter.

John Meissen snipped-for-privacy@aracnet.com
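
The per-IP invalid-recipient threshold and the netblock consolidation discussed in this post, run over a small mail-log sample, as an added example that is not part of the original post. The events, thresholds and function names are constructed for illustration, and the addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: one (client_ip, recipient_valid) pair per RCPT TO.
EVENTS = (
    [("192.0.2.10", False)] * 3 + [("192.0.2.10", True)]
    + [("192.0.2.77", False)] * 3
    + [("192.0.2.200", True)] * 5                          # clean sender, same /24
    + [("198.51.100.5", False), ("198.51.100.6", False)]   # one-shot senders
    + [("203.0.113.9", False)] + [("203.0.113.9", True)] * 2
)

def tally(events):
    """Return {ip: (invalid_count, total_count)}."""
    counts = defaultdict(lambda: [0, 0])
    for ip, valid in events:
        counts[ip][0] += not valid
        counts[ip][1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}

def offenders(events, threshold=0.5, min_attempts=3):
    """IPs with enough attempts to judge and an invalid ratio above threshold."""
    return {ip for ip, (bad, total) in tally(events).items()
            if total >= min_attempts and bad / total > threshold}

def missed(events, min_attempts=3):
    """IPs that hit only invalid recipients but too rarely to trip the filter."""
    return {ip for ip, (bad, total) in tally(events).items()
            if bad == total and total < min_attempts}

def consolidate(ips, prefix=24, min_hosts=2):
    """Netblocks that contain at least min_hosts offending IPs."""
    nets = Counter(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                   for ip in ips)
    return {net for net, n in nets.items() if n >= min_hosts}

def collateral(events, blocks):
    """Senders with no invalid recipients that sit inside a blocked netblock."""
    return {ip for ip, (bad, _) in tally(events).items()
            if bad == 0 and any(ipaddress.ip_address(ip) in net for net in blocks)}

if __name__ == "__main__":
    bad = offenders(EVENTS)
    blocks = consolidate(bad)
    print("per-IP blocks:   ", sorted(bad))
    print("never triggered: ", sorted(missed(EVENTS)))
    print("netblock blocks: ", sorted(map(str, blocks)))
    print("collateral:      ", sorted(collateral(EVENTS, blocks)))
```

On this sample the one-shot senders never reach the threshold, while consolidating to a /24 also blocks the clean sender in the same range.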
