I came up with a neat technique for tracing this kind of abuse.
I run into it not only with mailing lists, but with braindead MTAs
that reply to DSNs - and then don't even include the recipient of the
DSN!
My solution is yet another application of SRS. Before sending
a DSN or a message to a mailing list member, I SRS encode the recipient
into the Message-ID header along with a serial #. This is usually
preserved in a response - even when nothing else is (don't ask me
why). The original recipient is then easily extracted, and the SRS hash
prevents someone playing mean tricks on an innocent recipient via
spoofing.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com
I run into it not only with mailing lists, but with braindead MTAs
that reply to DSNs - and then don't even include the recipient of the
DSN!
My solution is yet another application of SRS. Before sending
a DSN or a message to a mailing list member, I SRS encode the recipient
into the Message-ID header along with a serial #. This is usually
preserved in a response - even when nothing else is (don't ask me
why). The original recipient is then easily extracted, and the SRS hash
prevents someone playing mean tricks on an innocent recipient via
spoofing.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com