Brett Watson writes:
A large volume of spam is currently shifted through proxy servers: either
misconfigured HTTP proxies, or virus-compromised PCs with added malware
(zombies) [ref. http://article.gmane.org/gmane.ietf.asrg/6061]. They provide
a convenient way for a spammer to hide behind someone else's IP address.
Requiring a callback to fetch the message data makes this approach much
harder for a spammer, as it would require proxies in both directions: an HTTP
proxy will not suffice at all, and the longer the callback is delayed, the
more likely a zombie will have gone offline (at least temporarily), thus
causing delivery failure.
Note that HTTP reverse-proxies *are* already being used by at least 1 spam
gang to shield their spamvertized websites.
Ie. they set up the spammed website on their hosting somewhere, then
preload its content into several open web caches [1]. They then change
the DNS record for that website to point to the caches, with a low TTL so
they can switch it to the next cache when the proxy gets shut down.
"Pull" methods should try to consider if this would still be workable. If
it would, it's not a big deal for spammers to all start using that
technique.
([1]: I'm not entirely sure how this is done off the top of my head right
now. ;)
--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg