
Re: Spam over Tor



Michael Holstein wrote:

What exactly is happening? Somebody is using your Tor exit node to
access a website (yahoo mail) and using that to send spam? And this is
being traced back to you by the spam being traced back to Yahoo, and
Yahoo checking their webmail logs and finding your exit node's IP?

Look at a Yahoo! mail's headers .. the IP of the submitter (by HTTP from ...) is in there.

I don't see how this is any different than the "pwned" calls (eg: "hey dood .. somebody flamed my blog from yer server!") .. people have been using free porno (or whatever) to get folks to answer Yahoo/Hotmail captchas for a while now .. and then using those accounts to send spam until Yahoo/Hotmail/etc figures it out and they move on to the next account.

People can already block Tor exit nodes connecting to their SMTP servers with ease. Blocking Tor exit nodes that connected to Yahoo to send email is only slightly more difficult, because of the received header that you mentioned. If spam ever became a problem on Tor, which I doubt, it would be easy for email admins to protect themselves from it. If Yahoo ever sees it as a problem, they can block it themselves.

Actually blocking Yahoo mail without causing other problems would require a fair amount of work, but could be done by proxying outbound traffic and filtering the specific bits of the URL that allow composing an email.

imo, that's a bad idea. If you're not willing to allow people to access a service via Tor, reject it in your policy. Don't allow it in your policy and then cripple access to it.

Mike
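
The receiving-side check discussed in this message, matching the submitter IP that the webmail provider records in a Received header against a list of Tor exit addresses, as an added example that is not part of the original post. The header shape `from [IP] by <host> via HTTP`, the hostnames, the addresses and the exit list are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumed shape of the webmail submission hop: "from [IP] by <host> via HTTP".
WEBMAIL_HOP = re.compile(
    r"from\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\s+by\s+(?P<host>\S+)\s+via\s+HTTP",
    re.IGNORECASE,
)

def webmail_submitter_ips(raw_message, provider_suffix=".mail.yahoo.com"):
    """Return submitter IPs recorded by webmail hops of the given provider."""
    msg = message_from_string(raw_message)
    found = []
    for value in msg.get_all("Received", []):
        # Headers may be folded across lines; collapse whitespace first.
        m = WEBMAIL_HOP.search(" ".join(value.split()))
        if not m or not m.group("host").lower().endswith(provider_suffix):
            continue
        try:
            found.append(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # malformed address literal, ignore this hop
    return found

def sent_via_tor_exit(raw_message, exit_ips):
    """True if any webmail submission hop originated from a listed exit IP."""
    exits = {ipaddress.ip_address(ip) for ip in exit_ips}
    return any(ip in exits for ip in webmail_submitter_ips(raw_message))

# Constructed sample data (documentation address ranges, made-up hostnames).
EXIT_IPS = ["192.0.2.10", "198.51.100.7"]
SAMPLE_TOR = (
    "Received: from web0000.mail.yahoo.com (web0000.mail.yahoo.com [203.0.113.5])\n"
    "\tby mx.example.org with SMTP; Mon, 01 Jan 2007 00:00:02 +0000\n"
    "Received: from [192.0.2.10] by web0000.mail.yahoo.com\n"
    "\tvia HTTP; Mon, 01 Jan 2007 00:00:00 +0000\n"
    "From: someone@yahoo.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
SAMPLE_OTHER = SAMPLE_TOR.replace("192.0.2.10", "203.0.113.99")

if __name__ == "__main__":
    print(sent_via_tor_exit(SAMPLE_TOR, EXIT_IPS))
    print(sent_via_tor_exit(SAMPLE_OTHER, EXIT_IPS))
```

The result is only meaningful for mail that actually arrived from the provider's servers, since Received lines below the first trusted hop can be forged by the sender.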