At 01:38 PM 4/9/2003 +0100, Matt Sergeant wrote:
On Wednesday, Apr 9, 2003, at 13:29 Europe/London, Brad Spencer wrote:
If you see a flaw what is it? Is it an engineering-immune flaw (can't be
fixed)?
If I were a spammer probing for open proxies I wouldn't probe by trying to
relay an email. Getting the results from this can take up to 5 days.
He doesn't do that. He does HELO, gets a response, does a quit. He
verifies he can connect to a remote port 25 through the proxy. That's
instantaneous, nearly.
In any case don't tell me, tell the spammer.
I would do some other form of request. Probably to a service I control
(like the web site I'm trying to advertise). That way I have both the log
that it worked at the client end and the log that it worked at the server end.
I'm not suggesting that's what spammers do, but what I would do if I were
a spammer. I'd want results faster than trying to probe by sending email.
It's just HELO and then QUIT. No message is attempted.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg