[SURBL-Discuss] SURBL DoS possible?
Jeff Chan
jeffc at surbl.org
Thu Jul 29 14:20:10 CEST 2004
On Thursday, July 29, 2004, 6:40:44 AM, Mariano Absatz wrote:
> I was wondering...
> I didn't look at the source code for the SpamCopURI or the SA 3.0
> plugin but I guess it just looks for URI's within the messages and
> issues a DNS query to the configured SURBLs for every different
> canonicalized domain name... is it?
> What would happen if a spammer intentionally starts putting hundreds
> of different invisible random URIs within the message trying to DoS
> SURBL?
> Does the SA plugins check for this condition? Or have a limit as to
> how many SURBL queries will it issue for a given message?
I believe both SpamCopURI and urirhsbl/urirhssub both limit
the number of SURBL queries per message, and hopefully both
also ignore unclickable URIs (those with empty anchors).
Perhaps someone more familiar with the current source code
can confirm.
Jeff C.
More information about the Discuss
mailing list