"Mangled&Munged" <postmaster@127.0.0.1> wrote in
news:XxTnb.4713$Q9.2410@nwrddc02.gnilink.net:

> Answers below:
>
> "Al Bundy" <Al.Bundy@127.0.0.1> wrote in message
> news:Xns9422C67BDD8D2AlBundy@news.verizon.net...
>> Q is if an address miner picks up on xxx@127.0.0.1 and tries to send
>> email, is it the spammer that gets the bounce or the spammers server?
>> Not that it matters, just curious.
>
> There are two possibilities:
>
> (Spammer has a mail server)
> The IP address 127.0.0.1 is the address of the local host's loopback
> device. Thus it is a valid IP address, and if it happens to have a
> mail server listening on port 25, then indeed, the spammer is the
> one that gets his/her own spam. This has the added advantage that
> the spammer consumes no real network bandwidth (ISP, or Internet),
> just burns his/her own CPU bandwidth. It will not only tie up CPU
> sending the email to itself, but it will likely reply with an error.
> "Undeliverable, unknown user". The reply will be sent back to
> 127.0.0.1 and the loop begins again, as the spammer will likely not
> use a reply address that is routable :-) Outch, in this case the mail
> server is now going to try over and over to deliver the screwy email,
> for around 3 days and then give up. If enough people use this method
> the spool area on the spammers email server will overflow, and the
> CPU resources will become depleated. Oh well, they were not being
> used for anything useful anyway :-)
>
> (Spammer does not have a mail server)
> If the system does not have a mail server running, then the email
> will be sent to the ISP. At this point the destination of 127.0.0.1
> will be again a valid IP address and will be the loopback device on
> the ISP's server. Again, the only bandwidth consumed is limited to
> the spammers host, and the ISP's server. Again, the spam does not
> traverse the Internet. But wait, if one were just a bit more clever
> then one would use an email address of postmaster@127.0.0.1 By
> using this address, the mail that makes it to the ISPs server will be
> sent to the mail server running on the same ISP host. But this time
> the recipient exists. He/She is very likely the administrator of the
> mail server. And, when he/she starts getting hammered by this
> spammer, he/she will get very motivated to terminate their account.
> Another possibility would be abuse@127.0.0.1 but most harvestors
> are smart enough to detect this and avoid sending mail to anyone
> named "abuse" :-)
>
> For even more interesting possible interactions, think about
>
> Yall@224.0.0.1
>
> This is a multi-cast, that is directed at all systems on a subnet, but
> not going to be forwarded through a router. Hmmm... If the
> spammer has a mail server, or a bunch of them, this could be
> an interesting email address :-)
>
> Or perhaps hello@224.0.1.125
>
> This is the address for Poly-Com relays. So.. perhaps one might
> even affect the phone systems at the spammers site :-)
>
> Or perhaps remote@224.0.12.1
> This is the address for multi-cast MSNBC. So... with any luck
> you might be able to affect the spammer's ability to watch MSNBC
> on their systems in the building. :-)
>
> Oh darn, I can't seem to find an interesting address that might
> cause the elevator, or the garage door to malfunction...Too bad :-)
>
> Yours truly,
> Mangled&Munged
>
>
>
>


Love it! Even if it is only theory. Archived it anyway :-) Thanks.