Andrew van der Stock wrote: > The scenario is this: SpamInjector talks with the victim mail host. > The victim mail host will accept the mail, but there's a problem. The > response from the victim box causes spam to the spam recipient, but > of course the victim host's fingerprints are all over it. I see what you are saying. Nasty scenario to prevent. > Anyone else seeing this? We've been tossing around mechanisms to stop > it, but all the alternatives break compliance with the RFC, and will > certainly cause mail lists to be far less useful. I haven't seen it myself, but most mailinglists use this feature to remove non-existing addresses from their subscribers list. If you want to make this abuse of your mailserver totally useless, make sure that the bounce only includes the appropriate headers, and not the body of the original message. This way it will be quite hard for the spammers to get their full message accross. -- Richie ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 08:39:00 PDT