David B Funk wrote to Mariano Absatz:
The only way that it could be used as a true DDoS would be if the spammers were to create unique sets of URLs for -each- message.
Sure, they could randomize it.
This tends to run counter to their bulk sender paradigm as it would require computational cost and central bandwidth for each message sent.
Agreed.
If this were to come to pass then we would need that 'MAIL_HAS_CRAPLOAD_OF_INVISIBLE_URIS' rule. ;)
Yep. :-) Actually, *any* invisible URIs would probably be a good
indicator of spam, but making that an eval rule would allow for
thresholds, so a mail with five invisible URIs would be hit a lot harder than a mail with one or two.
Hmm... Has anyone done any work on such a rule? If not, I might take a stab at it.
- Ryan
-- Ryan Thompson <[EMAIL PROTECTED]>
SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America
