http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5777
------- Additional Comments From [EMAIL PROTECTED] 2008-01-11 02:25 ------- (In reply to comment #19) > on this point -- does it make a difference to the querier's DNS cache, > whether the domain or subdomain exists or not? In other words, a spammer > can equally launch this attack by filling a spam with foo1.com, foo2.com, ... > foo99999.com. They don't even have to register those domains -- the effect > on the DNSBL's server will be the same. The problem is multidimensional: 1. Spammers do use their botnets to automatically set up free host sites. The number of such sites that they can set up is many times larger than the size of their botnets, assuming each bot can set up more than one site, which it certainly can. Trying to store and serve those alone may break the nameservers. This bears repeating: the number of subdomain sites is easily larger than the number of botnets, possibly multiple orders of magnitude larger. Botnets are large and so are the resources of large freehosts. Sender IP blacklists are orders of magnitude larger than current URIBLs. A URIBL that attempts to capture every abused freehost subdomain is potentially much larger than sender IP blacklists, i.e, larger than the number of botnets by several orders of magnitude. I hope that's sufficiently clear. 2. Caching of potentially many millions of different subdomains may be ineffective. There's little reason to re-use the same subdomain in each new spam when it's trivial to set up another subdomain site. Making caching less effective is another possible attack against the nameservers. 3. This puts the size of the blacklist under control of how efficiently botnets can set up new free hosting sites. Unfortunately that process is probably very efficient. It effectively cedes control of the blacklist to the botnet operators. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
