ietf-asrg

RE: [Asrg] Several Observations and a solution that addresses them all

2003-03-11 12:24:18
That is *exactly* what I expect to see happen.

This is where the nuances of the system really start to show/work.
Realize this:
1) The spammer owns a domain.

2) The spammer has provided a return address accurate up to at least the
domain (which they own, or they compromised someone else's server, but that
is highly illegal, not to mention 'hard'). There is absolute certainty that
the email came from this domain. Therefore, it can easily be black-listed.
There's also no reason why you can't first check for a query for a black
listed domain and return INVALID USER for them regardless of user. If you
are using the promoted/demoted chars I speak of frequently, then you can
safely demote the email so the message will get through. Else if you're
taking a hard-line stance, you can just reject the email.

We now have a traceable route back to the spammer. At the very least, we
have their MX IP, which can be traced to their ISP and so on.

-----Original Message-----
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu 
[mailto:Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu]
Sent: Tuesday, March 11, 2003 1:42 PM
To: Jason Hihn
Cc: ASRG
Subject: Re: [Asrg] Several Observations and a solution that addresses
them all


On Tue, 11 Mar 2003 12:08:15 EST, Jason Hihn said:

write(socket, "VALIDATE user\n")
read(socket, response)
if (find(response, "USER UNKOWN")

Spammer code:

 open(socket);
 while (accept(socket))  {
      write(socket,"USER IS A GOOD GUY NOT A SPAMMER");
 }

You were expecting anything different when you do a callback to an
address provided by the spammer?


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
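
An added sketch, not code from either poster, of the receiver-side logic this exchange is about: the callback reply from a sender-controlled validator is only trusted for its negative answer, and a domain blacklist is consulted before the callback, with demote or reject as the policy choice. The reply strings, domains, and all function and class names are assumptions made for the illustration.

```python
# Added illustration. VALIDATE-style callback and the promote/demote idea come
# from the thread; every name, domain and reply string here is constructed.
from dataclasses import dataclass, field

UNKNOWN = "USER UNKNOWN"  # negative reply, modelled on the thread's pseudocode

def honest_validator(users):
    """Validator for a domain that answers truthfully about its users."""
    return lambda user: "USER OK" if user in users else UNKNOWN

def always_yes(user):
    """The always-positive responder from the quoted message."""
    return "USER IS A GOOD GUY NOT A SPAMMER"

@dataclass
class Receiver:
    validators: dict                      # domain -> callback (stands in for the socket)
    blacklist: set = field(default_factory=set)
    hard_line: bool = False               # True: reject listed domains, False: demote

    def classify(self, return_address):
        user, _, domain = return_address.rpartition("@")
        domain = domain.lower()
        if not user or domain not in self.validators:
            return "reject"               # nothing to call back to
        # Consult the blacklist first: a listed domain's answer is irrelevant.
        if domain in self.blacklist:
            return "reject" if self.hard_line else "demote"
        if UNKNOWN in self.validators[domain](user):
            return "reject"
        # A positive reply only shows the domain vouches for the address;
        # it says nothing about whether the sender is a spammer.
        return "accept"

    def report_spam(self, return_address):
        """Blacklist the whole domain; the user part is sender-controlled."""
        self.blacklist.add(return_address.rpartition("@")[2].lower())

def demo():
    r = Receiver({"example.org": honest_validator({"bob"}),
                  "bulk.example": always_yes})
    first = r.classify("offers@bulk.example")      # lying validator gets through once
    r.report_spam("offers@bulk.example")
    later = r.classify("other-name@bulk.example")  # any user at the domain is caught
    return first, later

if __name__ == "__main__":
    print(demo())
```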