funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why spam blacklisting isn't going to work anymore ...

From: der Mouse <mouse () rodents-montreal org>
Date: Thu, 14 Apr 2011 11:12:52 -0400 (EDT)
The real issue isn't that you can't block an entire CIDR, but that
the current DNSBL query methods compare with the full IP, which means
that caching becomes useless, since the /56 that a given user gets
can be cycled through randomly with more than the 2^40 times the
current Internet worth of AAAA RRs.


Actually, it occurs to me: this is something only spammers are likely
to do.  Thus, it becomes a detectable behaviour which can be used to
identify them.

I can see plenty of problems with that.  I'm sure you can too.  But it
might be worth thinking about.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: