David B Funk wrote to Mariano Absatz:
The only way that it could be used as a true DDoS would be if the spammers were to create unique sets of URLs for -each- message.
Sure, they could randomize it.
This tends to run counter to their bulk sender paradigm as it would require computational cost and central bandwidth for each message sent.
Agreed.
If this were to come to pass then we would need that 'MAIL_HAS_CRAPLOAD_OF_INVISIBLE_URIS' rule. ;)
Yep. :-) Actually, *any* invisible URIs would probably be a good indicator of spam, but making that an eval rule would allow for thresholds, so a mail with five invisible URIs would be hit a lot harder than a mail with one or two.
Hmm... Has anyone done any work on such a rule? If not, I might take a stab at it.
- Ryan