Vernon Schryver
vjs@calcite.rhyolite.com
Sat Jan 3 15:14:00 UTC 2004
> From: "Chris Aseltine" <ophidian@newsnation.com>
> ...
> What would be involved in adding a feature to DCC where it loads the content
> of the URLs in a message and computes one or more checksums based on the
> content of the linked sites?
>
> This would have the added effect of wasting traffic on the spammers' sites.
> The spider could have a low timeout of say, 10 seconds, so that if a site
> was being hammered by other DCC users it would just assume it was a spam URL
> and file it as such.
>
> Whitelists could be used somehow to avoid hammering legitimate sites.
There are major problems with that idea:
- a message that refers to a broken URL is not particularly likely to
be an unsolicited bulk email message.
- the delays seen for a web site reflect the performance of interception
interception and other proxies as well as the local network as much
or more than the performance of the distant HTTP servers.
- To escape detection by this sort of mechanism, a spammer need only
send spam no faster that its HTTP servers can deliver web pages.
Serious HTTP servers can take a *lot* of hits/second. Load balancing
is also well developed.
- The first rule of dealing with network abuse is to not commit it.
"First do no harm." This sort of mechanism would be ripe for
abuse. Plenty of spam mentions unrelated URLs, such as stock
pump-and-dump spam. Then there would be revenge attacks. I don't
know about you, but I'd not like to see my web pages mentioned in
spam given this sort of mechanism..
Have you tried greylisting? It seems effective.
See http://www.dcc-servers.net/dcc/grey-list.html
Vernon Schryver vjs@rhyolite.com
More information about the DCC
mailing list
