Autor: Pat Lashley Data: Para: John W. Baxter, exim-users Asunto: Re: [Exim] Verisign pulls a fast one
--On Tuesday, September 16, 2003 00:42:02 -0700 "John W. Baxter"
<jwblist@???> wrote:
> [john@Zeus john]$telnet fripple2.com 25
> Trying 64.94.110.11...
> Connected to sitefinder-idn.verisign.com.
> Escape character is '^]'.
> 220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready
> ehlo fox.olympus.net
> 250 OK
> mail from: <testtest@???>
> 250 OK
> rcpt to: <testtest@???>
> 550 User domain does not exist.
>
> [It's an unauthorized relay, Verisign, not a non-existent domain.]
I'm a bit surprised that they run a MTA at all on that server. It
leads me to another idea.
For some time I've had a low-priority item on my to-do list concerning
setting up a web page that will contain a non-visible mailto: with a
local part constructed from the fetching host's IP address and a timestamp.
(Both suitably disguised to avoid easy filtering.) Then any attempt to
spam those addresses can be traced back to some clues about who harvested
them. (I wish I could take credit for this idea; but somebody else beat
me to it.)
Now, what if a bunch of people were to set up pages with lists of hidden
bogus mailto addresses where the domain part was a randomly constructed
non-existant domain? The spammers would wind up trying to send to
VeriSign's sitefinder host because VeriSign's DNS servers would be
claiming that is the right IP address for that domain...
Sounds like poetic justice to me. (And an object lesson for them in
why wildcarding .com and .net is a very bad idea.)
In fact, actually, as I think of it, they'll be getting hit anyway
by sites that are attempting to bounce to forged addresses that don't
correspond to a real domain.