In <20031016042437(_dot_)D8A4716F0E(_at_)jmason(_dot_)org>
jm(_at_)jmason(_dot_)org (Justin Mason) writes:
wayne writes:
Graylists require the same tuple of (sending IP address, from email address,
to email address) to remain constant. All a spammer needs to do to
get past a graylist is to make sure they use the same open proxing and
forged from email address to send to the same victim every time. This
is really not a heck of a lot of extra bookkeeping, you can often get
by with just using the same random number seeds.
Yep, I reckon about 64 bytes per address would do it.
Woah! 64 bytes per address is huge!
I would reckon about 4 bytes total would do it. Seed your random
number generator with the 4 bytes. Then select at random a proxy from your
list and a victim to use as the bogus from address. Use that pair to
spam, say, 1000 people, and then repeat the process.
Once upon a time, a spammer left their website open and exposed their
50 million email addresses (named "remove.txt", so you know what they
do with remove requests....). After suitable compression, the
database ends up to average around 3.4 bytes per address. It is kind
of interesting to see which email addresses that I know about were on
the list, and which weren't.
It's *trivial* for
spamware to get past greylisting; the only reason it doesn't yet, is
because it's not yet widespread.
But the combination of graylists, RHSBLs and SPF could pack a powerful
punch.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡