[spambayes-dev] Results for DNS lookup in tokenizer
Paul Wagland
spambayes at kungfoocoder.org
Wed Apr 14 19:40:33 EDT 2004
On Thu, 2004-04-15 at 01:17, Tony Meyer wrote:
> > Like x-slurp_urls, enabling this option could allow host
> > names to be used as a bug by spammers to determine whether
> > an email address is live. That doesnt seem likely, but its
> > not impossible.
>
> This was discussed (a lot) back when the x-slurp_urls option was first
> offered. It's probably the main reason why even if it does live past being
> an experimental option, it'll never default to True. It's also the reason
> for the x-only_slurp_base option - I can't see any way (other than
> registering a domain per message) that it could then be used as a 'address
> is live' indicator.
Just as a side issue... they only need a subdomain for message, not a
full domain. I.e. aaa.spamisevil.com is just as unique as
aaaspamisevil.com
So, it would be fairly easy to setup to harvest "good" addresses. And,
as a bonus, if you don't care about the image being shown, just about
the e-mail address, you can return a false random response for the DNS
lookup.
Indeed, one early web site that I saw actually did cookie-less session
tracking using URL rewriting, but instead of playing with the URL, they
played with the hostname in a manner similar to aaacookieid.www.host.com
Food for thought,
Cheers,
Paul
More information about the spambayes-dev
mailing list