On Wed, Sep 17, 2003 at 04:40:29AM -0500, Stewart, William C (Bill), RTSLS wrote: > It's even more fun with dictionary attacks, where the spammer targets [EMAIL > PROTECTED] > through [EMAIL PROTECTED] - A DNS rejection would cause a direct attacker > or (more likely) a relay attacker to give up quickly, and a 554 might do that also, > while rejecting all 26**8 recipients one at a time is probably just the kind of > behaviour > that spamware is happy to talk to all day. Now all Verisign needs to add is a > teergrube function > to generate its responses very slowly after the first couple of them and they'll > stay tied up for months, > especially since many of them won't notice that bogusdomain1.com through > bogusdomain32767.com > are all going to the same IP address, since that's not uncommon virtual hosting > behaviour.
I think it is hoping rather too much to expect spamware authors to be unable to modify their scripts to detect the verisign IP.
