ietf-asrg

Re: [Asrg] Re: "worm spam" and SPF

2004-12-03 08:48:09
On 2004-12-03 13:03:23 +0530, aseem_jakhar(_at_)persistent(_dot_)co(_dot_)in wrote:
"Many" is good enough, spammers and worm authors won't waste
their time with something not working at say AOL or behind SA.

The idea of creating a confusing patchwork lattice mesh that the
spam would have to work its way through is fine.  But SPF is not at
all difficult to defeat...  you just send the mail using the
infected victim's authorizations.

Tell me one spammer who has the time and patience to first email a worm +
sniffer to a victim, then wait for the sniffer to sniff the victim's
username/password and other usernames/passwords, and then start using those
IDs/passwords for sending out mails.

Spammers are already sending out worms to their victims. Currently these
worms install zombies which then send out mails using random sender
addresses directly to the target MX. If that stops working, these
zombies will start using the credentials and SMTP server found by
reading the registry, tricking the user or sniffing traffic. Sure, that
is a bit more difficult than what they do now, but what they do now is a
lot more difficult than what they did a few years before, so you can
expect that they will do it if they have to.

Worse, if the network is switched, then there is the wasted time in ARP
spoofing and waiting to sniff.

Doesn't make much difference. They only need the traffic for the local PC. 


There are still open relays, return-path forgeries etc. used by spammers
because most people rely only on anti-spam wonder products and they don't
want to take any initiative on their own, or just don't know about things
they can do to prevent spam.

Spammers will use whatever method works for them. If there are still
open relays, at least some spammers will use them.

undoing the DAMAGE that SPF has done

There's no "damage", if you don't like it just don't publish a
sender policy.

Again, you're ignoring things like discussion group/mailing lists,
message digests, and so forth.  Anybody who makes the mistake of
supporting SPF later finds that they can't send mail using their
business E-mail address when they are (say) on a cruise ship
vacation or at an Internet cafe in some other country.

SMTP AUTH is a simple and effective way.

SMTP AUTH works only between parties which know each other. I can use
SMTP AUTH to authenticate myself against our SMTP server. But when our
SMTP server forwards the mail to the target MX, it cannot use SMTP auth
to prove that it is authorized to send mail on my behalf. To the target
MX, our SMTP server is indistinguishable from some zombie sending spam
with my address. SPF, MTAmark etc. try to fix that by marking "official"
SMTP servers. Blocking port 25 outbound on dynamic ranges would
accomplish about the same thing (only in a more drastic and effective
way).

        hp

-- 
   _  | Peter J. Holzer    | The further north you go, the less is spoken at
|_|_) | Sysadmin WSR       | all, and thus no dialect either. Hallig Gröde is
| |   | hjp(_at_)hjp(_dot_)at | almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd

Attachment: pgpHm26Zb8jx7.pgp
Description: PGP signature
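The point made in the message above (the target MX only sees which host connected, so a zombie that submits mail through the domain's own authorized SMTP server passes the SPF check, while a legitimate user sending from a cruise-ship or Internet-cafe MTA fails it) can be made concrete with a small SPF evaluator. The following is an added example, not code from the thread or from any SPF implementation; it uses a constructed in-memory table instead of DNS, models only the ip4, ip6, include and all mechanisms (a, mx, exists and macros are left out), and all domains and addresses in it are made up.

```python
"""Toy SPF (v=spf1) evaluator with an in-memory "DNS" (added example).

Assumption: SPF_RECORDS stands in for DNS TXT lookups. Only ip4/ip6/include/all
are modelled; any other mechanism yields "permerror" rather than a guess.
"""
import ipaddress

# Constructed records; none of these domains or networks are real data.
SPF_RECORDS = {
    # the company domain: its own office range plus the MTA it outsources to
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 -all",
    # a domain that publishes a soft policy instead of a hard fail
    "example.net": "v=spf1 ip4:192.0.2.0/24 ~all",
    # a broken policy that includes a domain with no record
    "broken.example": "v=spf1 include:missing.example -all",
}

MAX_LOOKUPS = 10  # SPF limits the number of DNS-querying mechanisms

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Stand-in for a DNS TXT lookup; returns None when no record exists."""
    return SPF_RECORDS.get(domain.lower())


def check_host(client_ip, domain, _depth=0):
    """Evaluate the sender domain's policy against the connecting IP.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    record = lookup_spf(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # a mismatched address family simply does not match
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            if _depth >= MAX_LOOKUPS:
                return "permerror"
            sub = check_host(client_ip, arg, _depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"  # an include of a missing/broken record is fatal
            matched = sub == "pass"
        else:
            return "permerror"  # a, mx, exists, ptr, macros: not modelled here
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # record exhausted without a match and without "all"


def scenarios():
    """The cases argued over in the thread, as constructed inputs."""
    return {
        # zombie on a dynamic IP sends with a forged example.com sender directly
        # to the target MX: the MX sees 203.0.113.77, which is not authorized
        "zombie_direct": check_host("203.0.113.77", "example.com"),
        # same zombie, but it submits the mail through the company's outsourced
        # MTA using stolen SMTP AUTH credentials: the MX sees 198.51.100.25
        "zombie_via_authorized_relay": check_host("198.51.100.25", "example.com"),
        # a genuine employee sending from a cruise-ship mail server with the
        # business address: indistinguishable from the zombie above
        "user_on_foreign_mta": check_host("203.0.113.200", "example.com"),
        # a domain that publishes no policy: SPF says nothing either way
        "no_policy": check_host("203.0.113.77", "nopolicy.example"),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:30s} {result}")
```

Running the block prints the four verdicts: the direct zombie fails, the zombie relaying through the authorized MTA passes, the travelling employee fails, and the unlisted domain yields none, which is exactly the asymmetry the message describes. The evaluator is deliberately strict: an `include:` of a domain with no record returns permerror instead of being skipped, because a receiver that silently ignored it would authorize nothing and reject legitimate mail, while one that treated it as a match would authorize everything.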

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg