Author: Robert Kehl Date: To: exim-users Subject: Re: [Exim] Verisign pulls a fast one
----- Original Message -----
From: "Pat Lashley" <patl@???>
Sent: Tuesday, September 16, 2003 10:11 AM
> For some time I've had a low-priority item on my to-do list concerning
> setting up a web page that will contain a non-visible mailto: with a
> local part constructed from the fetching host's IP address and a timestamp. > (Both suitably disguised to avoid easy filtering.) Then any attempt to > spam those addresses can be traced back to some clues about who harvested > them. (I wish I could take credit for this idea; but somebody else beat > me to it.)
Interesting idea, although you'd have to stop all open proxies,
translation sites, web2email services and the like. But nevertheless an
approach that could yield interesting results. You'd have to ensure a
pretty good disciplined data keeping, though.
> Now, what if a bunch of people were to set up pages with lists of hidden > bogus mailto addresses where the domain part was a randomly constructed > non-existant domain? The spammers would wind up trying to send to
> VeriSign's sitefinder host because VeriSign's DNS servers would be
> claiming that is the right IP address for that domain...
What if you construct an existant domain? Wouldn't be nice for the
domain holder. Even though most people might avoid owning a domain like
"fwnjwebr9.com" (<-- domain part constructed by punching randomly on my
keyboard...), there might be some out there who don't. So you'd have to
have double check for each access, or you have to check frequently if
you use one (or some) hardcoded domains you believe to not exist.
> Sounds like poetic justice to me. (And an object lesson for them in
> why wildcarding .com and .net is a very bad idea.)
Never mind, I'd say- they started it, and it's them stepping the legal
borders IMHO, not us.