Spam over Tor

Mike Cardwell tor at lists.grepular.com
Fri Oct 26 09:07:26 UTC 2007


Michael Holstein wrote:

>> What exactly is happening? Somebody is using your Tor exit node to
>> access a website (yahoo mail) and using that to send spam? And this is
>> being traced back to you by the spam being traced back to Yahoo, and
>> Yahoo checking their webmail logs and finding your exit node's IP?
> 
> Look at a Yahoo! mail's headers .. the IP of the submitter (by HTTP from 
> ...) is in there.
> 
> I don't see how this is any different than the "pwned" calls (eg: "hey 
> dood .. somebody flamed my blog from yer server!") .. people have been 
> using free porno (or whatever) to get folks to answer Yahoo/Hotmail 
> captchas for a while now .. and then using those accounts to send spam 
> until Yahoo/Hotmail/etc figures it out and they move on to the next 
> account.

People can already block Tor exit nodes connecting to their SMTP servers 
with ease. Blocking Tor exit nodes that connected to Yahoo to send email 
is only slightly more difficult, because of the Received header that you 
mentioned. If spam ever became a problem on Tor, which I doubt, it would 
be easy for email admins to protect themselves from it. If Yahoo ever 
see it as a problem, they can block it themselves.

> Actually blocking Yahoo mail without causing other problems would 
> require a fair amount of work, but could be done by proxying outbound 
> traffic and filtering the specific bits of the URL that allow composing 
> an email.

imo, that's a bad idea. If you're not willing to allow people to access 
a service via Tor, reject it in your policy. Don't allow it in your 
policy and then cripple access to it.

Mike
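
The Received-header check discussed in this message, sketched for a receiving mail admin as an added example (not code from the original post or from the Tor project). The "from [IP] by host via HTTP" header shape, the `.mail.yahoo.com` host suffix, the sample message and the exit list are all assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed stand-in for a published Tor exit list (documentation-range IPs).
TOR_EXITS = {ipaddress.ip_address("203.0.113.7"), ipaddress.ip_address("198.51.100.23")}

# Assumed shape of the webmail submission hop: "from [IP] by <host> via HTTP".
HTTP_HOP = re.compile(r"from\s+\[?([0-9A-Fa-f:.]+)\]?\s+by\s+(\S+)\s+via\s+HTTP", re.I)

# Constructed message: one SMTP hop written by our MX, one HTTP submission hop.
SAMPLE = (
    "Received: from web50001.mail.yahoo.com (web50001.mail.yahoo.com [192.0.2.10])\n"
    "\tby mx.example.org with SMTP; Fri, 26 Oct 2007 09:00:00 +0000\n"
    "Received: from [203.0.113.7] by web50001.mail.yahoo.com via HTTP;\n"
    "\tFri, 26 Oct 2007 08:59:58 +0000\n"
    "From: someone@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def webmail_submitter(raw_message, trusted_suffix=".mail.yahoo.com"):
    """Return the client IP from the first HTTP hop written by a trusted webmail host."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Received headers are prepended, so iteration runs newest hop first.
    for received in msg.get_all("Received", []):
        m = HTTP_HOP.search(" ".join(str(received).split()))
        if not m or not m.group(2).lower().endswith(trusted_suffix):
            continue  # not an HTTP hop, or recorded by a host we do not trust
        try:
            return ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # token after "from" was not an IP address
    return None

def submitted_via_tor(raw_message, exits=TOR_EXITS):
    """True when the webmail submitter IP is a known Tor exit."""
    ip = webmail_submitter(raw_message)
    return ip is not None and ip in exits

if __name__ == "__main__":
    print(webmail_submitter(SAMPLE), submitted_via_tor(SAMPLE))
```

A sender who connects directly to your MX can write any Received lines it likes, so the HTTP hop is only meaningful when the SMTP hop recorded by your own server shows the message really came from the webmail provider.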


