Call Back Verification (was: NDNs considered harmful)

On 2010-08-13 08:18:52 -0400, Rich Kulawiec wrote:
> On Thu, Aug 12, 2010 at 08:36:08PM -0400, Hector Santos wrote:
> > I don't see how it allows spammers to bypass security measures. 
> That's probably because you haven't read the original source material
> that I referenced. [1]
That might be because that source was a) vague ("the spam-l archives" -
I don't know the spam-l list, but on any moderately busy mailing list a
reference to "the archives" is mostly useless - you would have to
reference a specific thread or at least a (rather short) period of time)
and b) not public - I assume that
http://spam-l.com/mailman/private/spam-l/ is the archive, and I cannot
access it without a password).


> [1] For example, and this condensed outline of just one of many possible
> scenarios is NOT a substitute for reading the original source material:
> consider what happens when an abuser registers a throwaway domain and
> points the MX's for it at the victim's MX's, then uses a few million
> zombies to simultaneously send traffic putatively from that throwaway
> domain to mail servers which use callbacks.
That would be a DDoS attack, but I don't see how it "bypasses security
measures".

        hp

-- 
   _  | Peter J. Holzer    | Openmoko has already embedded
|_|_) | Sysadmin WSR       | voting system.
| |   | hjp(_at_)hjp(_dot_)at         | Named "If you want it -- write it"
__/   | http://www.hjp.at/ |  -- Ilja O. on 
community(_at_)lists(_dot_)openmoko(_dot_)org

signature.asc
Description: Digital signature