On Thu, 23 Dec 2010, David F. Skoll wrote:

> On Thu, 23 Dec 2010 17:08:11 -0800 (PST)
> John Hardin <jhar...@impsec.org> wrote:
>
>> But the known-evil addresses aren't the data being protected (however
>> poorly) - the email addresses from your inbound mail that you're
>> checking against the list of evil addresses (which may include
>> correspondents who don't want their email addresses spread about
>> publicly) are what you're protecting.
>
> Ah, I see.  You want to protect the email addresses you're checking
> from a malicious DNS server that might harvest the addresses... OK.

Or from sniffers on the public network capturing the DNS query off the wire.

> I'm not sure a DNSBL of email addresses would be effective.  We see
> spammers mutating addresses all the time.  I expect that's why there
> haven't been any widely-used email address DNSBLs.

The context for this is where the sender of the message wants to get a reply, typically for phishing. Those addresses will likely be valid and stable (if only for a fairly short period of time) where a commercial spammer will gladly forge all contact addresses to prevent identification or in an attempt to leverage whitelists.

The utility of this is questionable - in the past few days I saw a report that some large portion of the identity data captured by phishers was obtained in the very early stages of the attack, before the phishing had been reported to authorities who investigate and shut down the phishers' accounts/websites.

The response time for listing an email address in a phishing email RBL may be too great to see much benefit.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 2 days until Christmas
