bbs.spamgourmet.com

discussion forums for spamgourmet
https://bbs.spamgourmet.com/

what about looping?

https://bbs.spamgourmet.com/viewtopic.php?f=7&t=167

Page 1 of 1

what about looping?

PostPosted: Fri Mar 05, 2004 3:16 pm
by caspertone
I just reread again the faq and saw that giving a SG address as forwarding address is forbidden for obvious looping reasons.

This is a question to evaluate SG security. It could be imagine that
badspammer could set up an SG account. suscribe to millions sites with the given address. Accept suscriptions in the given email address. Then, make forward that email address to the SG address, but before, make the initial a trusted sender of the account. Then, wait for SG to blow.

Has this scenario been though? Is it possible to set up as a trusted or exclusive sender one of the previous forwarding addresses? If it is forbidden, what about another forwarding loop to make the attack?

Thanks,
CTone

PostPosted: Fri Mar 05, 2004 4:30 pm
by SysKoll
Caspertone,

Congratulations, you should be a software tester. That's indeed a possibility. We are preparing a method called throttling that will stop any account from forwarding an excessive number of email. Even in the looping scenario you describe, our method will detect the high volume of forwarded email and temporarily disable the account.

Josh, that's one more nasty scenario that makes throttling a priority.

PostPosted: Fri Mar 05, 2004 8:41 pm
by josh
throttling will prevent it from happening in our code -- we also have sendmail upstream, and it has some features to prevent this that are active.

In the early days, I did test this a few times, and sendmail stopped the loop.

nice to know that I arrive late ...

PostPosted: Tue Mar 09, 2004 8:30 am
by Caspertone
So, we continue in expert hands ...
Thks
CTone
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/