ietf-asrg

[Asrg] 0. General - Not sure where this fits

2003-12-21 05:35:49

Hi All

An interesting job was recently advertised on a software coders auction
site.

It goes something like this....


=======================================

Coder wanted to create perl mail program

Mail program operates as an MTA-intermediate

Mail program must be able to forge the previous domain in the MTA chain,
this domain is selectable and will be a valid domain with a reverse DNS

Mail program must be able to switch domains using domain list text file

...

=======================================


From what I can see, this "job" specifically targets anti-spam measures that
use reverse DNS (IP blacklists) to determine the sender, by simply saying "my
name is joe.com and I got a message from jane.com for you".

Because everybody knows jane.com, the message is accepted (until Jane is
blacklisted through no fault of her own).

Which of the proposed systems will overcome this form of "spoofing"? Is this
what is referred to as "envelope forging"? I tried a search on Gmane but did
not come up with much.

The only two forms I can think of are a pull system (you just knew I was
going to say that) and a message digest key (Yahoo etc.). (I am ignoring
Challenge Response Systems as they seem to be both patented and without real
value IMHO.)

From what I have read, and I admit to some slackness here, most other
verification systems ignore the MTA-i and just concentrate on the MTA-s.

In which case, as the supposed sender domain is legitimate (and perhaps even
the sender's email address), the message slips thru most filters.

By simply monitoring the IP blacklists, the spammer changes the spoofed
source domain as soon as the current one gets listed, so no messages are
lost.

Also, if the spammer simply gets a one month account on any of thousands of
available servers, he just deletes the source code on one server and moves to
the next when joe.com gets listed as the source of the spam.


Chris



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
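
A receiver-side view of the scenario in the post above, as an added example that is not part of the original message: only the Received header stamped by the receiving site's own MTA records a verified connecting IP, so reputation checks should key on that hop and treat every earlier hop as an unverified claim. The hostnames, IPs, headers and the blocklist set are constructed placeholders (joe.example and jane.example stand in for the post's joe.com and jane.com), and a single edge MTA is assumed.

```python
import re
from email import message_from_string

# Constructed sample. The top Received line is stamped by our own MX; the one
# below it was supplied by the connecting client and is unverified.
RAW = """\
Received: from joe.example (unknown [203.0.113.25])
\tby mx.example.net with ESMTP id ABC123; Sun, 21 Dec 2003 05:30:00 +0000
Received: from jane.example (mail.jane.example [198.51.100.7])
\tby joe.example with ESMTP id XYZ789; Sun, 21 Dec 2003 05:29:00 +0000
From: someone@jane.example
Subject: constructed sample

body
"""

OUR_MX = {"mx.example.net"}      # assumption: the single edge MTA we operate
IP_BLOCKLIST = {"203.0.113.25"}  # constructed stand-in for a DNSBL lookup

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """One entry per Received header, newest first; None if unparseable."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() if m else None for m in found]

def split_hops(raw):
    """Split into (edge hop written by our MX, hops merely claimed by the sender)."""
    hops = parse_hops(raw)
    claimed = [h for h in hops[1:] if h]
    if hops and hops[0] and hops[0]["by"].lower() in OUR_MX:
        return hops[0], claimed
    return None, [h for h in hops if h]

def verdict(raw):
    """Judge the message on the connecting IP only, never on claimed hops."""
    edge, _claimed = split_hops(raw)
    if edge is None:
        return "no-trusted-hop"
    return "reject" if edge["ip"] in IP_BLOCKLIST else "accept"

if __name__ == "__main__":
    edge, claimed = split_hops(RAW)
    print("edge:", edge["helo"], edge["ip"], "->", verdict(RAW))
    print("unverified claims:", [h["helo"] for h in claimed])
```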


