
[Asrg] Regarding exploitation of bounces

2003-04-23 05:31:25
To those of you who gave me so much grief about how the "bounce-mail" exploit isn't a problem... there is another facet to it, that a spam solution still must address.

This morning my inbox contains dozens of 100Kbyte returned-as-undeliverable messages sent "from" a valid address that nobody knows connects to me directly, but that's visible on one web page... so it's not a directed attack but the random selection of an address to use in a from: field. So yes, I have megabytes in my inbox this morning.

In this case, it looks more like one of those Microsoft-favoring email worms that's just gone active on lots of computers, not a spam, today anyway.

The point was and is this, and I wish people would support the position:

- reverse attacks have many of the same characteristics as spam
- they are a delivery vector and an attack vector
- changes under discussion to deal with spam should consider this issue as well
- if all spam solutions work perfectly and this loophole were the only remaining delivery method, then spammers would begin to use it.

You want to know how they think, read all about Alyx at http://www.nytimes.com/2003/04/22/technology/22SPAM.html . They think it's a game.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


