[Spambayes] Latest spammer trick stymied

tshumway at jdiworks.net tshumway at jdiworks.net
Mon Mar 31 14:40:42 EST 2003 

Quoting Skip Montanaro <skip at pobox.com>:
> 
>     >> We definitely should NOT crawl the site, just in case it really is an
>     >> innocent url.  The load can crush a site, particularly if it's
>     >> hosted.
> 
>     Richard> Nah. You need to throw thousands of requests at a half-decent
>     Richard> web server before it gives up the ghost. And if they're sending
>     Richard> out 10 million mail pieces, they should expect their http
>     Richard> server to take some load. These are definitely NOT innocent
>     Richard> emails. They come from bogus senders, have minimal headers
>     Richard> (deliberately), and contain *nothing* but a url. Which points,
> 
> You can't make that judgement beforehand.  If the site you are poking is a
> valid site and the email received was not spam, none of what you said holds.
> If I remember correctly, you said this was only to be performed in
> circumstances where certain criteria were met, none of which included a
> conclusion the mail was spam.

Anyone who includes a URL in a mail message will probably be prepared for some
load based on the number of people receiving the message. If I send a message to
a client asking him to look at a web site on a staging server, I expect a dozen
or so hits, followed by a phone call.  If I send a message to my family mailing
list, I expect a couple hundred hits (followed by a complaint from my brother
that his picture looks ugly (What can I do? 8-) ).  If an evil spammer sends a
URL to 50 million addresses, it might expect (hope for) a decent slashdot spike.

Interpreting the results of the http request opens a new can of worms.  All of 
the tricks we use to mangle addresses (javascript, formmail honeypots,
user-agent based web-pages, funky encodings, etc.) can now be used by the
spammer against us. hmmm. I think it will take a while for that to become a
major problem.

In a server-side deployment where the same spam is likely to reach many hosted
mailboxes, a specialized proxy server might be able to reduce the perceived
response rate and the wasted bandwidth.


 -- Terrel

More information about the Spambayes mailing list