On Sat, 9 Dec 2000, Chuq Von Rospach wrote:
> Someone we know runs a list on egroups. Twice today he was
> spammed by the porn spammers -- from subscribed accounts.
If the mailing list or site is a big enough target, and you're
able to create an account to process mail-back validations,
there's no reason why you couldn't automate a fake validation
return process for spamming.
> First, you get access to some domains...
If they use the methods you mentioned, your only defense would be
to blacklist the offensive domains. I can think of a more
sinister way to validate using domains that most people wouldn't
want to block.
> he now owns your list, at least until you figure out what's
> going on and nuke the subscribed address. ...
On my lists, he would have to submit a few on-topic posts for
manual approval before he sent his spam.
> So I'm throwing it to the list, to see if there's information
> others have that might corroborate what I think I'm seeing
> (that you may not have realized for what it might be), or to
> poke holes in my analysis, or to start thinking of how to
> deal with it.
Your analysis looks reasonable at first glance. As you
mentioned, most spammers aren't sophisticated enough to implement
the system you propose. Also, some states have written anti-spam
laws with teeth. See www.suespammers.org. One fellow in
Colorado claims to have collected $13k from spammers (money in
hand, not just court awards).
- murr -