Re: a header authentication scheme


Claus Assmann writes:

On Fri, Oct 22, 2004, Arnt Gulbrandsen wrote:
Step 1. I'd send five messages to nosuchuser(_at_)do(_dot_)ma(_dot_)in and wait forthe bounces. For each of them, I'd compute the delay from mysending time (using my clock) to the receiving MTA's receive time.Next, I'd average the five values.
Where do you get the time of the server? Many MTAs don't accept mailfor unknown recipients, so it's your MTA that generates the bounce.

I don't suppose it matters, since even in the best case, there's verylittle entropy in the time-date value, so id has to be better.

But since you ask: Usually I can get time and timezone from the SMTPserver's banner. I can also often guess based on its geographicallocation (which I can guess from IP address). This won't get me thedelay, but if all I want is to spam n million recipients, assuming[1,15> is pretty good. Few MTAs are faster, few are slower.


Arnt

<Prev in Thread]	Current Thread	[Next in Thread>
Re: a header authentication scheme, (continued) Re: a header authentication scheme, Laird Breyer Re: a header authentication scheme, Bruce Lilly Re: a header authentication scheme, Laird Breyer Re: a header authentication scheme, Bruce Lilly Re: a header authentication scheme, Laird Breyer Re: a header authentication scheme, Bruce Lilly Re: a header authentication scheme, Laird Breyer Re: a header authentication scheme, Bruce Lilly Re: a header authentication scheme, Bruce Lilly Re: a header authentication scheme, Charles Lindsey Re: a header authentication scheme, Arnt Gulbrandsen <=

Previous by Date:	Re: a header authentication scheme, Bruce Lilly
Next by Date:	Use of Reply-To, Bruce Lilly
Previous by Thread:	Re: a header authentication scheme, Charles Lindsey
Next by Thread:	Re: Angle brackets surrounding Content-ID, Charles Lindsey
Indexes:	[Date] [Thread] [Top] [All Lists]