spf-discuss
[Top] [All Lists]

Re: Attacking the throwaway-domain problem

2003-10-15 22:08:13

wayne writes:
Yep, I reckon about 64 bytes per address would do it.

Woah!  64 bytes per address is huge!

I would reckon about 4 bytes total would do it.  Seed your random
number generator with the 4 bytes.  Then select at random a proxy from your
list and a victim to use as the bogus from address.  Use that pair to
spam, say, 1000 people, and then repeat the process.

Yeah, I was assuming 64 bytes, assuming they didn't want to change how
they picked the addresses to spam ;)  64 bytes = [ random seed, email addr
to spam, IP of proxy to use ].

                                                       It's *trivial* for
spamware to get past greylisting; the only reason it doesn't yet, is
because it's not yet widespread.

But the combination of graylists, RHSBLs and SPF could pack a powerful
punch.

Hey, that's the SpamAssassin philosophy! ;)

--j.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

Attachment: pgpT0WkVdkVIU.pgp
Description: PGP signature