On Thu, 23 Dec 2010, David F. Skoll wrote:
On Thu, 23 Dec 2010 17:08:11 -0800 (PST)
John Hardin <jhar...@impsec.org> wrote:
But the known-evil addresses aren't the data being protected (however
poorly) - the email addresses from your inbound mail that you're
checking against the list of evil addresses (which may include
correspondents who don't want their email addresses spread about
publicly) are what you're protecting.
Ah, I see. You want to protect the email addresses you're checking
from a malicious DNS server that might harvest the addresses... OK.
Or from sniffers on the public network capturing the DNS query off the
wire.
I'm not sure a DNSBL of email addresses would be effective. We see
spammers mutating addresses all the time. I expect that's why there
haven't been any widely-used email address DNSBLs.
The context for this is where the sender of the message wants to get a
reply, typically for phishing. Those addresses will likely be valid and
stable (if only for a fairly short period of time) where a commercial
spammer will gladly forge all contact addresses to prevent identification
or in an attempt to leverage whitelists.
The utility of this is questionable - in the past few days I saw a report
that some large portion of the identity data captured by phishers was
obtained in the very early stages of the attack, before the phishing had
been reported to authorities who investigate and shut down the
phishers' accounts/websites.
The response time for listing an email address in a phishing emailRBL may
be too great to see much benefit.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
2 days until Christmas