[jump-admins] STARTTLS and sp*m

Nick Waterman nw at noseynick.com
Wed Apr 16 19:43:02 CEST 2008

SM wrote:
> There was a document about scanning IPv6 space which deems it 
> feasible as the obvious IPv6 address will be a common mistake for 
> people operating with an IPv4 mindset.

At the very least, you could put up huge tarpits around your real MXes, 
and pollute your websites with hidden links to genuine-looking email 
addresses which point at some of those tarpits. A little like...

.tar { visibility: hidden; width: 1px; height: 1px; }

<div class="mailme">Mail me at
<a class="tar" href="mailto:tar@tar.domain.fict">tar@tar.domain.fict</a>
<a class="real" href="mailto:me@home.domain.fict">me@home.domain.fict</a>
<a class="tar" href="mailto:pit@pit.domain.fict">pit@pit.domain.fict</a>
</div>

tar.domain.fict   MX    tar.domain.fict
tar.domain.fict   AAAA  2001:ba8:0:1db::1337:1014
home.domain.fict  MX    tar.domain.fict
home.domain.fict  AAAA  2001:ba8:0:1db::1337:1015
pit.domain.fict   MX    pit.domain.fict
pit.domain.fict   AAAA  2001:ba8:0:1db::1337:1016

Then "tar" and "pit.domain.fict" either run LaBrea or some other fake 
SMTPD whose sole purpose is to talk veeeeeeeeeeeeeerrrrrrryyyy slow SMTP 
whilst also reporting your IP to all the RBLs. Spammers can then feel 
free to scan the vast areas of ipv6 space, but they stand maybe 30 
chances of landing in a tarpit for every 1 real SMTPD, which can still 
greylist you for 2 minutes and reject you if you landed in a tarpit in 
the meantime.

"Nosey" Nick Waterman, VA3NNW/G7RZQ, K2 #5209.
use Std::Disclaimer;    sig at noseynick.net
Jimi Hendrix's modem was a Purple Hayes.
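
The decision the real SMTPD makes in the scheme described above (greylist for 2 minutes, reject if the client touched a tarpit in the meantime), as an added example that is not part of the original post. The class and function names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and grouping IPv6 clients by /64 is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

GREYLIST_DELAY = 120  # seconds: the "2 minutes" from the message


def client_key(addr):
    """Normalise a client address. Assumption: IPv6 clients are grouped
    by /64 so a sender cannot dodge the list by hopping addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(ip)


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # key -> first attempt time
    tarpitted: dict = field(default_factory=dict)   # key -> first tarpit hit

    def tarpit_hit(self, addr, now):
        """Fed by the tarpit listeners whenever a client connects to them."""
        self.tarpitted.setdefault(client_key(addr), now)

    def check(self, addr, now):
        """SMTP reply the real MX gives to a connection at time `now`."""
        key = client_key(addr)
        if key in self.tarpitted:
            return 550, "rejected: client contacted a tarpit address"
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return 451, "greylisted, retry later"
        return 250, "ok"


def demo():
    """Constructed timeline: one well-behaved sender, one address scanner."""
    gl = Greylist()
    replies = []
    replies.append(gl.check("2001:db8:1::10", 0)[0])    # legit, first try
    replies.append(gl.check("2001:db8:2::5", 0)[0])     # scanner, first try
    gl.tarpit_hit("2001:db8:2::99", 30)                 # scanner finds a tarpit
    replies.append(gl.check("2001:db8:1::10", 130)[0])  # legit retries
    replies.append(gl.check("2001:db8:2::5", 130)[0])   # scanner retries
    return replies


if __name__ == "__main__":
    print(demo())
```
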
