[Top] [All Lists]

Call Back Verification (was: NDNs considered harmful)

2010-08-13 09:13:52
On 2010-08-13 08:18:52 -0400, Rich Kulawiec wrote:
On Thu, Aug 12, 2010 at 08:36:08PM -0400, Hector Santos wrote:
I don't see how it allows spammers to bypass security measures. 

That's probably because you haven't read the original source material
that I referenced. [1]

That might be because that source was a) vague ("the spam-l archives" -
I don't know the spam-l list, but on any moderately busy mailing list a
reference to "the archives" is mostly useless - you would have to
reference a specific thread or at least a (rather short) period of time)
and b) not public - I assume that is the archive, and I cannot
access it without a password).

[1] For example, and this condensed outline of just one of many possible
scenarios is NOT a substitute for reading the original source material:
consider what happens when an abuser registers a throwaway domain and
points the MX's for it at the victim's MX's, then uses a few million
zombies to simultaneously send traffic putatively from that throwaway
domain to mail servers which use callbacks.

That would be a DDoS attack, but I don't see how it "bypasses security


   _  | Peter J. Holzer    | Openmoko has already embedded
|_|_) | Sysadmin WSR       | voting system.
| |   | hjp(_at_)hjp(_dot_)at         | Named "If you want it -- write it"
__/   | |  -- Ilja O. on 

Attachment: signature.asc
Description: Digital signature

<Prev in Thread] Current Thread [Next in Thread>