[Top] [All Lists]

Re: a header authentication scheme

2004-11-01 08:45:15

Claus Assmann writes:
On Fri, Oct 22, 2004, Arnt Gulbrandsen wrote:
Step 1. I'd send five messages to nosuchuser(_at_)do(_dot_)ma(_dot_)in and wait for the bounces. For each of them, I'd compute the delay from my sending time (using my clock) to the receiving MTA's receive time. Next, I'd average the five values.

Where do you get the time of the server? Many MTAs don't accept mail for unknown recipients, so it's your MTA that generates the bounce.

I don't suppose it matters, since even in the best case, there's very little entropy in the time-date value, so id has to be better.

But since you ask: Usually I can get time and timezone from the SMTP server's banner. I can also often guess based on its geographical location (which I can guess from IP address). This won't get me the delay, but if all I want is to spam n million recipients, assuming [1,15> is pretty good. Few MTAs are faster, few are slower.


<Prev in Thread] Current Thread [Next in Thread>