TELECOM Digest OnLine - Sorted: Re: Using Dilution to Fight Phishers

Re: Using Dilution to Fight Phishers
3 May 2006 19:06:04 GMT

In article <>,
<> wrote:

> wrote:

>> In article <>, TELECOM Digest
>> Editor wrote:

>>> [TELECOM Digest Editor's Note: Yes, but just imagine, if every
>>> legitimate netizen out there would make the effort to add five or
>>> ten minutes of extra work to the load of their favorite spammer.

>> Then you end up with a distributed denial of service attack on the
>> mail servers of the world.

> What if mail server operators set up their systems to firewall IP
> addresses which attempt to send to over a certain percentage of
> invalid addresses?

There are hundreds of thousands, if not millions, of infected home
systems trying to deliver spam. I used to examine my mail logs to look
for patterns, but there are very few duplicate IP addresses. And even
if one system did try to deliver enough to trigger such a filter it
would quickly be replaced by another. Eventually you would be blocking
huge portions of the 'net, one IP address at a time. You could get
more sophisticated, and maintain a database and try to consolidate by
netblocks, but the end result is that you'll probably just block most
of the Internet.

> What if more mail-ops require valid reverse DNS as a condition of
> accepting mail sessions? This would screen out most of the bot-nets.

And a significant number of legitimate sites, too. :-/ I personally
use that approach. I don't accept email from sites without valid rDNS
unless they've been explicitly whitelisted. There have been some
important emails blocked because of it, but I say, "too bad." I've
tried to inform the site admins, but they usually ignore me. One
company has multiple mail servers, and some of them have valid rDNS
while others don't. So random emails from them bounce.

> And " wpoison " which was the first well-known harvester-polluting web
> script always used invalid first-level domains to avoid the DDoS
> problem.

Unfortunately, as the namespace becomes more crowded it becomes more
likely that previously invalid names will become valid ones. You
could, of course, make them obviously invalid, but if they're obvious
then they're easy for the harvesters to filter.

John Meissen

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Jack M. Germain: "Can Open Source Defeat Microsoft?"
Go to Previous message: Waitman Gobble: "Re: Eavesdropping and Wiretapping Video Receives 5 Stars Review"
May be in reply to: Munir Kotadia ZDNET Australia: "Using Dilution to Fight Phishers"
TELECOM Digest: Home Page