[Top] [All Lists]

Re: [Asrg] 6. Proposals - A Brief Defence of "Pull"

2003-10-01 10:06:35

Brett Watson writes:
A large volume of spam is currently shifted through proxy servers: either 
misconfigured HTTP proxies, or virus-compromised PCs with added malware 
(zombies) [ref.]. They provide 
a convenient way for a spammer to hide behind someone else's IP address. 
Requiring a callback to fetch the message data makes this approach much 
harder for a spammer, as it would require proxies in both directions: an HTTP 
proxy will not suffice at all, and the longer the callback is delayed, the 
more likely a zombie will have gone offline (at least temporarily), thus 
causing delivery failure.

Note that HTTP reverse-proxies *are* already being used by at least 1 spam
gang to shield their spamvertized websites.

Ie. they set up the spammed website on their hosting somewhere, then
preload its content into several open web caches [1].  They then change
the DNS record for that website to point to the caches, with a low TTL so
they can switch it to the next cache when the proxy gets shut down.

"Pull" methods should try to consider if this would still be workable.  If
it would, it's not a big deal for spammers to all start using that

([1]: I'm not entirely sure how this is done off the top of my head right
now. ;)


Asrg mailing list