Justin Mason wrote:
> Note that HTTP reverse-proxies *are* already being used by at least 1 spam
> gang to shield their spamvertized websites.

This is true. Some documentation on an instance of this can be found at the
following site.

http://www.lurhq.com/migmaf.html

> "Pull" methods should try to consider if this would still be workable. If
> it would, it's not a big deal for spammers to all start using that
> technique.

I expect that the "pull" technique would connect back to the IP from which the
SMTP session originated. There may be other possibilities, but this seems
like the safest and most reasonable protocol, for the purposes of this
discussion, at least. It has the benefit of minimal difference to the
existing "push" case.

Under these circumstances, a reverse proxy can work, but the DNS tricks used
in the case of reverse proxying a website won't have any effect (since no DNS
lookup is necessarily involved). The effectiveness of the proxy will be
limited by the amount of time the compromised machine stays online and
available at a given IP address, having sent an envelope, relative to the
average time to callback.

So pull-mode delivery doesn't defeat this outright, but it's not friendly to
it. I believe it's fair to say that it would shift the cost/benefit ratio of
spam significantly in our favour without harming legitimate mail.

Regards,
TFBW
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg