[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sr #105343] message digests

On June 22, 2006 at 17:40, Ed Wildgoose wrote:

> > Only a problem if you have software that creates message-ids that
> > include actual email addresses.  This is unusual, and with the spam
> > world we live in today, not recommended.
> Aha.... This finally explains the huge unstoppable spam runs I have been 
> seeing against my mailserver.  I thought it was some dumbass who was 
> trying some wierd number based dictionary spam on my server (despite 
> plenty of 554 responses), but now I see that it was all my msgid's that 
> were being harvested!
> Is it possible to at least mangle them in some way so the dumb robots 
> don't think they are real.

A good argument to use something like the MD5 hash of the message-id
as linking/threading handle versus the ID itself.

This should be technically possible w/o having to redesign mhonarc code.
It may be possible to MD5 the message-id and references/in-reply-to
data when a message is first read and use the resulting values for
threading calculations.

Some extra work is needed for the auto-link of message-ids in
message bodies.  The message-id in the body would have to be hashed
first before checking if it can be linked.  Of course, those doing
anti-harvesting customizations (e.g. SPAMMODE) on their archives,
message-id linking in irrelevant (since message-ids look like addresses
and gets masked/obfsucated).

RMM will need to be made aware of such things since it can take

What needs to be determined is if hashing of IDs should always be
done or if it should be controled by a resource (e.g. HASHMESGIDS).
Since a perl installation may not have the MD5::Digest module installed,
mhonarc would definitely need to work with and w/o hashing.


[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]