Spam over Tor

Michael Holstein michael.holstein at csuohio.edu
Thu Oct 25 13:39:02 UTC 2007


> What exactly is happening? Somebody is using your Tor exit node to
> access a website (yahoo mail) and using that to send spam? And this is
> being traced back to you by the spam being traced back to Yahoo, and
> Yahoo checking their webmail logs and finding your exit node's IP?

Look at a Yahoo! mail's headers .. the IP of the submitter (by HTTP from 
...) is in there.

I don't see how this is any different than the "pwned" calls (eg: "hey 
dood .. somebody flamed my blog from yer server!") .. people have been 
using free porno (or whatever) to get folks to answer Yahoo/Hotmail 
catchpas for a while now .. and then using those accounts to send spam 
until Yahoo/Hotmail/etc figures it out and they move on to the next account.

Actually blocking Yahoo mail without causing other problems would 
require a fair amount of work, but could be done by proxying outbound 
traffic and filtering the specific bits of the URL that allow composing 
an email.



More information about the tor-talk mailing list