Rick McMillin <[EMAIL PROTECTED]> writes on 9 March 1999 at 09:30:22 -0600
> OK, by now I'm sure you've all heard about this thread that's
> been going around about this program that connects to your
> SMTP server, runs through a built in dictionary of addresses
> verifying the validity of each address. It then takes the results
> and sends emails to the ones it knows exists. It does something
> like this.
And qmail gives it a positive on every name it tries. This has
up-sides and down-sides. If everybody did this, the attack wouldn't
work at all and wouldn't be tried. It's sort-of like building one of
those infinite mazes of web-pages with invalid addresses on every page
to try to pollute the mailing lists of people harvesting web
addresses.
On the other hand, since people ARE trying this attack, it means
you'll be getting double-bounces on 500,000 pieces of spam soon, which
might not be so good.
--
David Dyer-Bennet [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!
