The term list poisoning as related to electronic mail (e-mail), refers to poisoning a mailing list with invalid e-mail addresses.
Industry uses
Once a mailing list has been poisoned with a number of invalid e-mail addresses, the resources required to send a message to this list has increased, even though the number of valid recipients has not. If one can poison a spammer's mailing list, one can force the spammer to exhaust more resources to send e-mail, in theory costing the spammer money and time.
Poisoning spammer's mailing lists is usually done by posting invalid email addresses in a Usenet forum or on a web page, where spammers are believed to harvest email addresses for their mailing lists. If using a dynamically generated web site for poisoning, the web site could link to itself infinitely, theoretically causing a spammer's mailing list to be substantially poisoned.
Vulnerabilities
- Syntactically invalid email addresses used to poison a mailing list could be easily filtered out by the spammers, while using email addresses that are syntactically correct could cause problems for the mail server responsible for the email address.
- Implementations of spam poisoning systems can be avoided, if spammers learn of their location.
- Spammers often steal resources so that the efficiency of a mailing places little financial burden on the spammer.
Implementations
List poisoning code written in Perl is available [1].
List poisoning code written in PHP is available [2].
An example of list poisoning using a shared CGI at a public URL is available [3] (Implemented on 1,470,000 sites).
See also
|
