![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: A mailman opt-in plus confirmation mailing list is spam?
Mike Easter
MikeE at ster.invalid
Fri Mar 10 21:49:39 EST 2006
Don Wannit wrote:
> Mike Easter wrote:
> However, my worry is automated spamtraps that add
> IPs to blocklists without sanity-checking, either by smart enough
> software or by humans.
I have discussed my concerns about some ramifications of spamtraps here
in the past. My view was different from yours I think, at least in the
first 'example' -- but the same in the 2nd.
> If you create a spamtrap address "info" at
> some domain name which is public, even if you have never published
> or revealed the address "info at that-domain", that address might
> receive email from an innocent sender.
I do not understand why you say that -- and so you are launching that
particular argument from a premise which I do not accept as fact.
>> I don't think that spamtraps are manually eliminated by deputies who
>> find them forge subscribed in confirmation hits. In fact, I don't
>> think spamtrap addies are manually eliminated for any reason -- even
>> if the reason might be that the spamtrap addy does not appear to be
>> a 'secret' any more.
>
> This is the problem. If some prankster finds a spamtrap address by
> rummaging around in the places where spammers go digging for email
> addresses, and pastes it into the email field on a subscription
> form somewhere, then the responsibly-run list will send a brief
> email to that address saying something of the form:
Yes, indeedy.
> Someone (we hope it was you) submitted your email address
> I really hope that this confirmation request does not trigger
> a blocklist entry for the sending IP.
Yes, it would. If it hit a spamcop reporter, the reporter is not
supposed to report it if s/he reads it and plays by the rules. If it
hit a spamtrap, then the spamtrap would report it and the source would
be counted toward the SCbl. In addition to that counting, it is very
important to realize that no provider is going to get a notify from a
spamtrap hit -- so as a result another safeguard is removed, namely that
of the reported having an opportunity to receive a link to the evidence
of the report.
Ellen has stated that spamtraps make less mistakes than reporters.
>> My concept of a dictionary attack
> Yes, exactly.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-List
mailing list