[Are BlackLists Enough? : The Security implementation through Lists]
=====================================================================
Triosec, Secniche Security

The spamming problem is growing craftier day by day. During my pen-test hours I have noticed this issue a lot, and the pace is very high. The spammers are really frustrating internet users by swapping internet resources for this illegal activity.

-=[Our Main Point to look at is : Are Blacklists a solution ?]=-

Blacklists are considered one of the solutions to email spamming, but the technique is not reliable beyond a certain point. The theory behind it is that blacklisting is defined on a static layout, i.e. you have an archive of addresses that you configure in a blacklist file and set to active mode. But this solution does not seem to be very effective nowadays.

-=[Why this is so?]=-

This is because the trend in spamming has shifted to the Random Email Address Builder, i.e. spammers are now able to design programs that build random email addresses but use hacked domains to deliver mail, since only the recipient field matters, not the sender's.
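
The effect described above, as an added example (not part of the original article): a static address blacklist and a domain blacklist are scored against constructed envelope senders with random local-parts on one hacked domain. All addresses, list contents and function names are assumptions made for the illustration, and the per-domain sender count is one possible signal, not a remedy the article proposes.

```python
from collections import defaultdict

# Constructed sample data: envelope senders (MAIL FROM) seen by a mail server.
# example.org stands in for a hacked domain relaying random local-parts.
SEEN = [
    "kqzt81@example.org", "p0xvma@example.org", "wj3nru@example.org",
    "zz7hbe@example.org", "alice@example.org",      # alice is a real user
    "newsletter@example.net", "bob@example.com",
]
# Static blacklists built from an earlier spam run (constructed).
ADDRESS_BLACKLIST = {"kqzt81@example.org", "t5ylqd@example.org"}
DOMAIN_BLACKLIST = {"example.org"}
# Ground truth for scoring only; a real server does not have this set.
LEGITIMATE = {"alice@example.org", "newsletter@example.net", "bob@example.com"}

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower()

def evaluate(seen, addr_bl, dom_bl, legit):
    """Score both blacklist styles against the observed senders."""
    spam = [a for a in seen if a not in legit]
    return {
        "spam": len(spam),
        # Exact-address list: only catches senders it has seen before.
        "address_list_hits": sum(a in addr_bl for a in spam),
        # Domain list: catches every random sender on the hacked domain...
        "domain_list_hits": sum(domain_of(a) in dom_bl for a in spam),
        # ...and also the real users who share that domain.
        "legit_blocked_by_domain_list": [
            a for a in seen if a in legit and domain_of(a) in dom_bl
        ],
    }

def sender_churn(seen):
    """Distinct local-parts per domain; high churn hints at generated senders."""
    locals_by_domain = defaultdict(set)
    for addr in seen:
        local, _, dom = addr.rpartition("@")
        locals_by_domain[dom.lower()].add(local.lower())
    return {dom: len(parts) for dom, parts in locals_by_domain.items()}

if __name__ == "__main__":
    print(evaluate(SEEN, ADDRESS_BLACKLIST, DOMAIN_BLACKLIST, LEGITIMATE))
    print(sender_churn(SEEN))
```

The address list stops one of the four generated senders, while the domain list stops all four at the cost of blocking the real user on the same domain.
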

Example: Delivering mail..... A module lookup

    # Fragment as given: it only builds the SMTP command strings for each
    # mail type; the step that writes them to the connection is not shown.
    for ($Ret=1 ; $Ret <= $Mail_Hit ; $Ret++)
    {
        $Connect_Object=Net::Telnet->new( Host => "$Remote_Target", Port => 25 );

        # Type A: the MAIL FROM string is repeated $Ret times
        if($Mail_Type =~ "A")
        {
            $Helo="helo root";
            $Mail_From="mail from: ZeroDay\@Zero\.Com" x $Ret;
            $Rcpt_To="rcpt to: root";
        }
        # Type B: the RCPT TO string is repeated $Ret times
        if($Mail_Type =~ "B")
        {
            $Helo="helo root";
            $Mail_From="mail from: ZeroDay\@Zero\.Com";
            $Rcpt_To="rcpt to: root" x $Ret;
        }
        # Type C: both strings are repeated $Ret times
        if($Mail_Type =~ "C")
        {
            $Helo="helo root";
            $Mail_From="mail from: ZeroDay\@Zero\.Com" x $Ret;
            $Rcpt_To="rcpt to: root" x $Ret;
        }
        # Type D: plain, unrepeated commands
        if($Mail_Type =~ "D")
        {
            $Helo="helo root";
            $Mail_From="mail from: ZeroDay\@Zero\.Com";
            $Rcpt_To="rcpt to: root";
        }
    }

or

    mail($To, $Email_Subject, $Email_Message, $Email_Headers);
    ?>

This is the typical example of sending mail. The email headers can be manipulated to whatever the spammer wants. Moreover, with random generation of email addresses, flooding can be done. Blacklists are basically defined for specific domains; nowadays better solutions are desired.

The inference is that we need to be one step ahead to combat these problems.

========
Zknk