North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Verisign changes violates RFC2821, and spam implications

  • From: Andy Smith
  • Date: Wed Sep 17 06:09:44 2003

On Wed, Sep 17, 2003 at 04:40:29AM -0500, Stewart, William C (Bill), RTSLS wrote:
> It's even more fun with dictionary attacks, where the spammer targets [email protected]
> through [email protected] - A DNS rejection would cause a direct attacker
> or (more likely) a relay attacker to give up quickly, and a 554 might do that also,
> while rejecting all 26**8 recipients one at a time is probably just the kind of behaviour 
> that spamware is happy to talk to all day.   Now all Verisign needs to add is a teergrube function
> to generate its responses very slowly after the first couple of them and they'll stay tied up for months,
> especially since many of them won't notice that bogusdomain1.com through bogusdomain32767.com
> are all going to the same IP address, since that's not uncommon virtual hosting behaviour.

I think it is hoping rather too much to expect spamware authors to
be unable to modify their scripts to detect the verisign IP.