[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
On Wednesday 02 Jul 2003 9:14 pm, Adrian Midgley wrote: > On Wednesday 02 July 2003 19:15, you wrote: > >the href="" sections contain unique log ID references that > can tell the spammer that the email has been read and that > therefore the account is live. > > Which made me think that one might send a stream of spoofed > "unique log ID references" back to the bastards concerned, > devaluing their lists of "live" email addresses. How? exactly? You'd have to be able to match the spoof ID to a listed email address and presumably therefore know the workings of the script that the spammer uses to generate the ID. False ID's would just be dumped by the script upon receipt. It's not hard to transform an email address into a unique ID and to verify that ID back again - but without knowing how that transformation is done so that you can spoof an ID that will verify, it's like trying to crack a password - for each ID you want to spoof. The generation and verification of the ID takes no more than 4 - 12 lines of Perl (depending on how hard you want to mask the original 'seed' data) which would take so little time on a server that you would find it hard to measure, so bombarding the (usually web) server with invalid spoofs isn't exactly going to register as a DoS. I have used this seed masking in Perl and the only real way to crack it is the same way as any substitutional cypher - you need to get hold of a lot of identical messages sent to various email accounts, all using the same cypher pattern AND hit it before the cypher pattern changes again. Whilst the pattern is in use, A is always g etc. but the next pattern changes A to decipher as r and so on. If each spammer uses a different pattern cycle it gets worse! If the spammer allows a few days for 'interested' victims to click/open the spam before changing the cypher pattern, it's going to be hard to make valid spoof ID's. The cypher pattern can be set to change randomly - just as long as the cypher pattern itself is retained to allow verification within the timeframe. Unlike the Enigma codes, there's no weak point of sending the cypher pattern to a receiver because with spam ID's the receiver (the one who needs to validate / decipher the ID) IS the sender (the one who generated the ID) - a closed loop cypher. As the cypher pattern does not need to be revealed to anyone except the sender, each cypher has to be cracked from scratch every time the pattern changes. Sounds like more work than is required. Use SpamAssassin and install Razor too, then the spam can be reported as verified and spam filters all over the internet can be updated. -- Neil Williams ============= http://www.codehelp.co.uk http://www.dclug.org.uk http://www.wewantbroadband.co.uk/
Attachment:
pgp00014.pgp
Description: signature