- List poisoning
The term list poisoning as related to electronic mail (
e-mail ), refers to poisoning a mailing list with invalid e-mail addresses.Industry uses
Once a mailing list has been poisoned with a number of invalid e-mail addresses, the resources required to send a message to this list has increased, even though the number of valid recipients has not. If one can poison a spammer's mailing list, one can force the spammer to exhaust more resources to send e-mail, in theory costing the spammer money and time.
Poisoning spammer's mailing lists is usually done by posting invalid email addresses in a
Usenet forum or on aweb page , where spammers are believed to harvest email addresses for their mailing lists. If using a dynamically generated web site for poisoning, the web site could link to itself infinitely, theoretically causing a spammer's mailing list to be substantially poisoned.Vulnerabilities
* Syntactically invalid email addresses used to poison a mailing list could be easily filtered out by the spammers, while using email addresses that are syntactically correct could cause problems for the mail server responsible for the email address.
* Implementations of spam poisoning systems can be avoided, if spammers learn of their location.
* Spammers often steal resources so that the efficiency of a mailing places little financial burden on the spammer.Implementations
*List poisoning [http://www.monkeys.com/wpoison/ code written in Perl] .
*List poisoning [http://www.webmasterworld.com/forum88/3104.htm code written in PHP] .
*Simple list poisoning [http://zzzy.freeshell.org/ code written in BASH shell script] and a [http://zzzy.freeshell.org/guestbook working example] .
*An [http://www.spampoison.com/ example of list poisoning] using a shared CGI at a public URL (Implemented on 1,470,000 sites).
ee also
*
Address munging
*Botnet
*E-mail address harvesting
*Spamtrap
*Stopping e-mail abuse
Wikimedia Foundation. 2010.
