On 2012-10-20 21:42:57 -0000, John Levine wrote:
} Is there a reason why a legitimate MTA (talking to MXs, not submission
} servers) would want to hop around in its net?
Probably not, although I'm waiting for ESPs to figure out that if they
send every message from a different IP,
I thought of that but I wouldn't be surprised to overflow the router's
ARP table even with our moderately sized mailing-lists (a few thousand
subscribers at most). That's why I only mentioned "one address per
customer", not "one address per message" as a likely tactic.
it'll be much easier to process bounces and complaints since all
they'll need is the IP to figure out what the list and address was.
Is it? For mailing-lists, I think VERP is simpler and more robust. The
IP address is buried somewhere in the Received headers of the bounced
message, so you have to parse those. For complaints to an ISP about a
customer that might indeed be useful. Depends on what information is
included in the complaint. If it contains the complete header of the
message there is probably other identifying information. It it doesn't,
chances are that the IP address isn't included, either.
Bad guys could use it to listwash, of course, but it's not totally
ridiculous.
There are other ways to listwash. I'm more worried that the bad guys are
using rapidly changing IP addresses to escape or overflow BLs.
hp
--
_ | Peter J. Holzer | Der eigene Verstand bleibt gefühlt messer-
|_|_) | Sysadmin WSR | scharf. Aber die restliche Welt blickt's
| | | hjp(_at_)hjp(_dot_)at | immer weniger.
__/ | http://www.hjp.at/ | -- Matthias Kohrs in desd
signature.asc
Description: Digital signature
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg