To: "Ken Hirsch" <kenhirsch(_at_)myself(_dot_)com>
From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>
...
> That is simply wrong. All spam carries the unforgeable signature
of a sending IP address.
Anyone can type in forged headers. Sending a message where it's not
possible to detect the forgery is theoretically possible, but I've
never seen a documented case. (Which is not to say that I think that
signing isn't a good idea, or that I agree with Vernon's claim that
figuring out those headers is something that can easily be done by
the people who need to do it--but it can be done.)
Why do you guys keep talking about headers? Of course headers can be
forged (unless they're added by your own software). Who cares? I'm
not talking about headers. I'm piqued that you think I'm so stupid
or at least ignornant and unthinking that I might be talking about
obviously forgeable headers. I'm quite frustrated that every time I
write "IP address" it is read as something about SMTP headers.
Again, the practically unforgeable token that has always come with
every SMTP mail message is not in the headers or even in the SMTP
envelope. It is in the IP destination field of every SMTP/TCP/IP
packet from the sending system or SMTP client. That 32 or 128-bit
value almost always fingers a person or organization that bears a
large part of the responsibility for sending the message. (The
exception is "hijacked" IP addresses of recent note. That exception
is akin to Verisign signing those certificates for the fake Microsoft.)
Yes, I know about TCP ISN predicting, the Mitnick/Bellovin attack,
RFC 1948, and related topics. I profess to be a kernel hack with
interests in networking. As such, I claim that the IP address of the
SMTP client is practically unforgeable for spam.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg