[Dshield] SPF

Ed Truitt ed.truitt at etee2k.net
Thu Nov 3 10:26:35 GMT 2005

One benefit of SPF (or SenderID) is to combat spambots by forcing them to use the host's ISP's outbound SMTP server.  If/when this happens, an alert (and reasonably smart) ISP will notice the spike in traffic a spam-run will generate (especially if multiple spambots go active at the same time), and cut off / quarantine the host until steps can be taken to resolve this.

Early this week, I got a call from my ISP/web host, who told me someone had exploited a vuln in a piece of code (a Nuked variant of the 'coppermine' photo gallery) and dropped a shell script on the systen which, when executed (via the web site) would spawn 40,000 PayPal phishes.  Needless to say, when they saw the abnormal activity, they put a stop to it right away.  So, it can be done.

-E D Truitt

Sent via my BlackBerry from Cingular Wireless

More information about the list mailing list