Great Circle Associates List-Managers
(December 2000)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Is mailback validation still safe?
From: murr rhame <murr @ vnet . net>
Date: Sat, 9 Dec 2000 07:57:14 -0500 (EST)
To: Chuq Von Rospach <chuqui @ plaidworks . com>
Cc: list-managers @ GreatCircle . COM
In-reply-to: <p0433010db6579022bfbf@[209.239.169.197]>

On Sat, 9 Dec 2000, Chuq Von Rospach wrote:

> Someone we know runs a list on egroups. Twice today he was
> spammed by the porn spammers -- from subscribed accounts.

If the mailing list or site is a big enough target, and you're
able to create an account to process mail-back validations,
there's no reason why you couldn't automate a fake validation
return process for spamming.

> First, you get access to some domains...

If they use the methods you mentioned, your only defense would be
to blacklist the offensive domains.  I can think of a more
sinister way to validate using domains that most people wouldn't
want to block.

> he now owns your list, at least until you figure out what's
> going on and nuke the subscribed address. ...

On my lists, he would have to submit a few on-topic posts for
manual approval before he sent his spam.

> So I'm throwing it to the list, to see if there's information
> others have that might corroborate what I think I'm seeing
> (that you may not have realized for waht it might be), or t
> poke holes in my analysis, or to start thinking of how to
> deal with it.

Your analysis looks reasonable at first glance.  As you
mentioned, most spammers aren't sophisticated enough to implement
the system you propose.  Also, some states have written anti-spam
laws with teeth.  See www.suespammers.org.  One fellow in
Colorado claims to have collected $13k from spammers (money in
hand, not just court awards).



- murr -




Follow-Ups:
References:
Indexed By Date Previous: Is mailback validation still safe?
From: Chuq Von Rospach <chuqui@plaidworks.com>
Next: more on mailback issues.
From: Chuq Von Rospach <chuqui@plaidworks.com>
Indexed By Thread Previous: Is mailback validation still safe?
From: Chuq Von Rospach <chuqui@plaidworks.com>
Next: Re: Is mailback validation still safe?
From: J C Lawrence <claw@kanga.nu>

Google
 
Search Internet Search www.greatcircle.com