ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M

2010-02-08 09:08:47
from [Bart Schaefer] [Permanent Link] 
On Feb 8,  2:33pm, Peter J. Holzer wrote:
} Subject: Re: [Asrg] We really don't need no stinkin IMAP or POP foram butt
}
} 
} On 2010-02-08 12:00:43 +0000, Ian Eiloart wrote:
} > If I see a message that I think is spam, and it carries a 
} > "report-abuse-to" header, how do I know that the header was added by the 
} > MDA and not by the spammer?
} 
} In general you don't. But I don't see that as a particularly bad
} problem: The worst a spammer can do is a DDoS attack on a small ESP by
} adding a Report-Abuse-To header with the abuse address of that ESP.

I'd say the worst they can do is to direct the abuse report back to
themselves.  This not only suppresses some fraction of their spam
complaints, but it also confirms valid email addresses and may reveal
information about what MUA is in use, which in turn can be used to
refine the next spam or exploit that they direct to that address.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Spam button scenarios, John Levine
Next by Date:  Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, John Levine
Previous by Thread:  Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, Ian Eiloart
Next by Thread:  Re: [Asrg] who gets the report, was We really don't need, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]