Stewart Stremler wrote: > begin quoting John H. Robinson, IV as of Wed, May 18, 2005 at 11:21:38PM > -0700: > > Stewart Stremler wrote: > [snip] > > This is pretty easy for a mindless smtp server to get around: send out > > the spam; send the same one out again in (say) six hours. If the > > unique tokens are hashed through the target address, it is a simple > > matter to go through the list twice. If the mail goes through twice, so > > much the better! > > Open relays are generally considered a Bad Thing.
Not open relay, but the small smtp servers that are run on the zombie systems. The ones that don't pay attention to SMTP return codes. Instead of doing a fire and forget, do a fire, fire again, and then forget. Sites without greylisting would get the message twice, and those with it would get it once. This gets around RBL's because 1) there is no open relay 2) all targets would be hit at roughly the same time. By the time the first site reports to the RBL, and the other sites have updated the RBL list, the round should be completed. Assuming, of course, the turnaround time from site gets hit with spam to the time other sites have update RBL lists is greater than say four to six hours. > And if you link into an RBL, hopefully the IP of the mindless smtp > server can end up in the RBL in six hours. > > > I'm not actually interested in writing the code to test this theory. > > Plenty of real-world sources of spam out there already. They would not work, as you do not know know the characteristics of the SMTP server on the remote end. You need a better controlled environment. And this whole thing got me to thinking about how email is very much a peer-to-peer network. Fun! -john -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
