![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Great. Now it's my turn to get blocked.
Sheila King
sheila at spamcop.net
Sun Jan 25 18:07:31 EST 2004
On Sun, 25 Jan 2004 15:36:41 -0800, Don Wannit <nobody at spamcop.net> wrote
in spamcop in article <bv1jub$fc9$1 at news.spamcop.net>:
> I have two big worries about automated processing of mail received
> at spamtrap addresses:
>
> 1 - The header parsing can and does make mistakes. One of my
> hosts was a victim of a parsing error last year when the
> rDNS lookup timed out because of high system load (the
> infamous "Molasses Meltdown"). That rDNS lookup failure
> caused the parse to bail and blame my IP. This is another
> reason for a human to vet a purported spamtrap report.
>
> 2 - If a spamtrap address is available to be harvested by a
> 'bot, then it can be gleaned by a human. For example, the
> rotating spamtrap addresses that appear and change from time
> to time on the various SpamCop web pages. A malicious
> person could grab one of those, and subscribe it to a
> mailing list somewhere.
>
> That well-run mailing list will of course send a subscription
> confirmation message with some sort of unique key ("double
> opt-in", "confirmed opt-in", "closed-loop opt-in", whatever
> you want to call it).
>
> When that mailing list sends the confirmation email to the
> spamtrap address, it must not get listed automatically!
> It's doing exactly what we want (and demand) the mailing
> list signup process to do. Innocent mail sent to a spamtrap
> address needs to be filtered out, and that may require human
> action.
Both very good examples of the flaw with automated spamtrap processing.
I did mention case #2 in another post, but case #1 is also a very valid
concern. We have seen quite a number of cases over the past year where SC
header parsing failed due to DNS timeouts.
--
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org/
More information about the SpamCop-List
mailing list