List poisoning
The term list poisoning as related to electronic mail (e-mail), refers to poisoning a mailing list with invalid e-mail addresses.
Contents |
[edit] Industry uses
Once a mailing list has been poisoned with a number of invalid e-mail addresses, the resources required to send a message to this list has increased, even though the number of valid recipients has not. If one can poison a spammer's mailing list, one can force the spammer to exhaust more resources to send e-mail, in theory costing the spammer money and time (although in reality it does not cost more money and makes an insignificant difference on time to send[citation needed]).
Poisoning spammer's mailing lists is usually done by blacklists submitting fake information to email submit style offers, or by posting invalid email addresses in a Usenet forum or on a web page where spammers are believed to harvest email addresses for their mailing lists.
[edit] Vulnerabilities
- Syntactically invalid email addresses used to poison a mailing list could be easily filtered out by the spammers, while using email addresses that are syntactically correct could cause problems for the mail server responsible for the email address.
- Implementations of spam poisoning systems can be avoided, if spammers learn of their location.
- Spammers often steal resources so that the efficiency of a mailing places little financial burden on the spammer.
[edit] Implementations
- List poisoning code written in Perl.
- List poisoning code written in PHP.
- Simple list poisoning code written in BASH shell script and a working example.
- An example of list poisoning using a shared CGI at a public URL (Implemented on 1,470,000 sites).
- Another example of list poisoning that throws the harvester in an endless loop of dynamically generated email addresses.
[edit] See also
|
|||||||||||||||||||
