jdow writes:
> From: "Justin Mason" <[EMAIL PROTECTED]>
> 
> > - if a spammer were to use a hostname like
> >   "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel to
> >   verify that I was (a) using SpamAssassin to filter my mail, and (b)
> >   that that address is valid.  So blindly resolving the full hostname was
> >   judged as unsafe.   However, replacing hostname portions with another
> >   token is not useful: assuming that "jm_at_jmason_dot_org.spamdomain.com"
> >   will have the same A as "spamdomain.com" or "www.spamdomain.com" is
> >   naive and easily evaded.
> 
> Seems many already do with base64 (or other) encoded gibberish in front
> of the spamdomain.com.

yeah, and it's almost certain that some of those contain some kind of 
encoding of the email address or db row ID.

--j.
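
The backchannel discussed in this thread, as an added example that is not part of the original messages or of SpamAssassin's code: a filter-side check that reduces a URI hostname to the part safe to hand to a DNS lookup and flags sender-controlled labels that encode the recipient, either spelled out or base64-encoded. The suffix set, function names and sample URIs are assumptions constructed for illustration, and the shortened name is not assumed to resolve to the same A record as the full one.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed, tiny suffix set (assumption); a real filter would load the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}
# Constructed sample: the recipient address base64-encoded into a hostname label.
B64_LABEL = base64.urlsafe_b64encode(b"jm@jmason.org").decode().rstrip("=")

def registrable_domain(host):
    """Keep one label plus its public suffix; drop every label the sender controls."""
    labels = host.lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def _normalise(text):
    """Fold 'jm_at_jmason_dot_org' and 'jm@jmason.org' to the same alphanumeric string."""
    text = re.sub(r"[_.-](at|dot)[_.-]", "", text.lower())
    return re.sub(r"[^a-z0-9]", "", text)

def _b64_text(label):
    """Best-effort base64 decode of one label; returns '' when it is not base64."""
    try:
        raw = base64.urlsafe_b64decode(label + "=" * (-len(label) % 4))
    except ValueError:
        return ""
    return raw.decode("latin-1")

def lookup_plan(uri, recipient):
    """Return (name safe to query, True if the dropped labels encode the recipient)."""
    host = urlsplit(uri).netloc.rsplit("@", 1)[-1].split(":")[0].rstrip(".")
    safe = registrable_domain(host)
    extra = host[: len(host) - len(safe)].rstrip(".")  # original case kept for base64
    want = _normalise(recipient)
    candidates = [extra] + [_b64_text(label) for label in extra.split(".") if label]
    leaks = bool(want) and any(want in _normalise(c) for c in candidates)
    return safe, leaks

if __name__ == "__main__":
    for uri in ("http://jm_at_jmason_dot_org.spamdomain.com/offer",
                f"http://{B64_LABEL}.spamdomain.com/u",
                "http://www.example.co.uk/"):
        print(uri, lookup_plan(uri, "jm@jmason.org"))
```
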