[spambayes-dev] Results for DNS lookup in tokenizer

Paul Wagland spambayes at kungfoocoder.org
Wed Apr 14 19:40:33 EDT 2004

On Thu, 2004-04-15 at 01:17, Tony Meyer wrote:
> > Like x-slurp_urls, enabling this option could allow host 
> > names to be used as a bug by spammers to determine whether
> > an email address is live. That doesnt seem likely, but its
> > not impossible.
> This was discussed (a lot) back when the x-slurp_urls option was first
> offered.  It's probably the main reason why even if it does live past being
> an experimental option, it'll never default to True.  It's also the reason
> for the x-only_slurp_base option - I can't see any way (other than
> registering a domain per message) that it could then be used as a 'address
> is live' indicator.

Just as a side issue... they only need a subdomain for message, not a
full domain. I.e. aaa.spamisevil.com is just as unique as

So, it would be fairly easy to setup to harvest "good" addresses. And,
as a bonus, if you don't care about the image being shown, just about
the e-mail address, you can return a false random response for the DNS

Indeed, one early web site that I saw actually did cookie-less session
tracking using URL rewriting, but instead of playing with the URL, they
played with the hostname in a manner similar to aaacookieid.www.host.com

Food for thought,

More information about the spambayes-dev mailing list