Spam over Tor
Michael Holstein
michael.holstein at csuohio.edu
Thu Oct 25 13:39:02 UTC 2007
> What exactly is happening? Somebody is using your Tor exit node to
> access a website (yahoo mail) and using that to send spam? And this is
> being traced back to you by the spam being traced back to Yahoo, and
> Yahoo checking their webmail logs and finding your exit node's IP?
Look at a Yahoo! mail's headers .. the IP of the submitter (by HTTP from
...) is in there.
I don't see how this is any different than the "pwned" calls (eg: "hey
dood .. somebody flamed my blog from yer server!") .. people have been
using free porno (or whatever) to get folks to answer Yahoo/Hotmail
catchpas for a while now .. and then using those accounts to send spam
until Yahoo/Hotmail/etc figures it out and they move on to the next account.
Actually blocking Yahoo mail without causing other problems would
require a fair amount of work, but could be done by proxying outbound
traffic and filtering the specific bits of the URL that allow composing
an email.
More information about the tor-talk
mailing list