Author: Pat Lashley Date: To: Robert Kehl, Exim Users Mailing List Subject: Re: [Exim] Verisign pulls a fast one
--On Tuesday, September 16, 2003 10:40:47 +0200 Robert Kehl
<mailinglists@???> wrote:
>> Now, what if a bunch of people were to set up pages with lists of
> hidden
>> bogus mailto addresses where the domain part was a randomly
> constructed
>> non-existant domain? The spammers would wind up trying to send to
>> VeriSign's sitefinder host because VeriSign's DNS servers would be
>> claiming that is the right IP address for that domain...
>
> What if you construct an existant domain?
Not a problem - do a DNS lookup on each generated domain to ensure
that it returns the sitefinder IP address. If you're worried about
the delay of doing it dynamically just before returning the address,
set up a low priority daemon to generate the addresses, test them,
and stick them in a queue for the http server to use. It shouldn't
take long to figure out what size queue you need to avoid letting
the addresses get too stale without ever letting the queue go dry.
An additional protection against the likelyhood of matching a real
site would be to generate third or even fourty-level qualifiers in
your bogus domains. (E.g., rnwmq.fjdklquro.quriozxcv.com)