Kjetil Kjernsmo <[EMAIL PROTECTED]> writes: > (Aside: I do that by having a line <link rel="NeverEMail" > href="mailto:[EMAIL PROTECTED]"> in many web pages, and that > works excellently, this address is harvested and spammed, and when that > happens, the intention is that subsequent mail is stopped. This markup > may not work in the future, though, as more User Agents start to support > the link element).
I've got a few traps like that on my web-pages; a user browsing the rendered page will never see anything untoward, but a very stupid or a malicious bot will add itself to a list of IP#s blocked in .htaccess dead quickly. I've seen this linked to within a /30 of an email-spammer's IP# as well. Boy was I chuffed :) > This is why I think it may be spammers who actually do this, it is easy > to see that spammers can drastically reduce the value of Razor by sending > it large amounts of legitimate e-mail from the lists that Razor-users > would normally use. It's been a known phenomenon for a considerable number of months, in the right circles. This is why advertising your trap addresses with the words `razor' or `pit' or `dump' in them is a really *bad* idea. > I hear that the new Razor has some trust-model, that may be able to > address this. It's not particularly new, either. Razor2, been out for a large number of months, has had a trust-model for submitting in the name of a given UID, so that the ID can be scored. I'm not sure of the dynamics of this, but `Listed in Razor' sounds to me like it's lacking refinement - "listed in razor by 10 mostly reliable people" would be far more like it. > Actually, I think we're in a arms-race with the spammers that requires > the spam-tools to updated more frequently than the normal release-cycle > would accomodate for, but that's another story. Let's not lose sight of the small fact that the original problem is the use of a mailing-list to propagate spam, and that when a spammer starts hitting a list repeatedly, the responsible thing to do is block that cretin as accurately as possible. In such an instance, I would say that sending an accurately identified subset of mailing-list traffic to Razor2 was very well justified. ~Tim -- <http://spodzone.org.uk/>