Dictionary Attack Help? - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Dictionary Attack Help?

Quoted text here. Click to load it

There is/was an anti-spam approach that consisted of refusing (whether
it was a DENY or a bounce I don't know) _all_ emails the first time
around. Apparently the spambots don't bother to resend, but proper
email servers do. Once it has been resent then you whitelist it.
Something like that anyway.

Spammers probably do try to refine their lists, after all they've got
finite resources too.

Re: Dictionary Attack Help?

On Sat, 27 Oct 2007 11:37:07 -0500, Ben C put finger to keyboard and

Quoted text here. Click to load it

It's called greylisting. The way it works is that the first attempt is
neither accepted nor denied; instead, the receiving server returns a
"temporarily unavailable" response (exactly the same as it would do if
it was suffering some kind of fault or inability to accept mail, such
as a full disk). A correctly configured sender system will simply
store the mail it's trying to send and retry a bit later - typically,
it will wait an hour before a second attempt. On the second attempt,
the receiving system will recognise that it's a second attempt to send
the same mail and accept it this time round.

As a method of reducing spam it's very effective, because most spam
systems don't bother storing and resending mail if it doesn't get
through the first time. That's because the economics of sending spam
rely on sending very large quantities of email messages as quickly and
cheaply as possible without really caring what happens to them after
they're sent; if the spam senders had to use systems that can handle
transient errors then the costs of sending spam would rise
considerably. The downside of greylisting, though, is that it will not
only reduce spam but it also means you won't get mail from any
"normal" sending system that happens to not be correctly configured to
handle recipients with temporary errors. And there are, unfortunately,
quite a lot of those - even some large ISPs often can't configure
their mail systems correctly.

Blog: http://Mark.Goodge.co.uk Photos: http://www.goodge.co.uk
"Love is a precious thing, worth the pain and suffering"

Re: Dictionary Attack Help?

So far a few of the domains I checked have :fail: No Such User Here for the
Shouldn't that have stopped a dictionary attack from doing any real harm?

The site in question should have also had that although I can't look just
now as it is offline
by the host.


Re: Dictionary Attack Help?

Heidi wrote:
Quoted text here. Click to load it

The problem with :fail is the spammer knows the message wasn't
delivered.  Those which aren't bounced are by default good email
addresses.  That's part of the reason for a dictionary attack.

With :blackhole he has no idea whether the address is good or not.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: Dictionary Attack Help?

Quoted text here. Click to load it

That's something the host needs to take care of instead of threatening
its customers. Buncha losers, if you ask me. :P

Steve Sobol, Victorville, CA     PGP:0xE3AE35ED  www.SteveSobol.com

SoCal Fire news @the L.A. Times: http://latimesblogs.latimes.com/breakingnews /
Local wildfire coverage, KFMB-TV San Diego: http://cbs8.com /

Re: Dictionary Attack Help?


Quoted text here. Click to load it

I agree. That's a terrible policy. It's punishes the victim without even
giving any instructions for what to do.


Site Timeline