ietf-mxcomp

Re: When spoofing is.

2004-03-21 11:32:26

In <20040321174750(_dot_)GZ67093(_at_)bitshift(_dot_)org> "Mark C. Langston" 
<mark(_at_)bitshift(_dot_)org> writes:

> On Sun, Mar 21, 2004 at 05:13:47AM -0800, Hallam-Baker, Phillip wrote:
>
> > [example SMTP session with all domains spoofed]
> >
> > And we should prevent giving folk like this some pain because???


> Can you distinguish between that evil postcard site based on RFC2821
> identity, and a mobile user attempting to use an address other than the
> one his ISP has assigned him (say, for example, his work address)?

No, we can't distinguish between various kinds of
spoofing/forgery/munging/whatever-you-want-to-call-it.


> Assume for the sake of argument that the ISP blocks outbound port 25,
> 465 and 587, so the entity cannot connect directly to their office MTA.

Well, I have a whole bundle of disagreements with this sentence.

First, you would also have to assume that the ISP blocks all VPNs,
port 80/443 traffic to webmail systems run by their company, SMTP over
other ports and all other means to communication with their office.
I doubt that you can find such an ISP, but if you do, I would
recommend not using them.   They don't sound particularly useful.

Can you cite any examples of ISPs that prevent all communication?


Second, does the hypothetical ISP prevent email going through their
MTA to have the same RFC2821 MAIL FROM as the RFC2822 From: data?
If not, you can, at least theoretically, use your ISP's account on the
RFC2821 MAIL FROM: and your work address on the From:.  This is
basically what all mailing list software does.

Can you cite examples of ISPs that would have such a restriction?


Third, I can understand an ISP/Companies blocking port 25 traffic
from other than their authorized MTAs.  The vast majority of such
email is spam, and blocking such traffic cuts down on abuse desk
costs.  However, I have a much harder time understanding why an ISP
would block 587 traffic.  It is my understanding that almost all MTAs
require some sort of validation before accepting email on the
submission port.

Can you cite examples of MTAs that accept unauthorized email to port
587?  Can you cite examples of ISPs that block port 587?


Fourth, if someone is really in a very locked down network (public
access terminals?), is it really that unreasonable to ask them to use
the appropriate email address and add a comment to the top of the
message that says "Hi, I'm at a restricted terminal, this is really
foo@example.net"?


Domain owners that publish LMAP restrictions need to be aware that in
some cases, their legitimate users will have to make some changes.  I
don't see this as a big problem.


> Or, shall we force everyone who travels on business to expose their
> personal email accounts when conducting business while on the road?

I'm not sure what you mean by "expose" here.


-wayne
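
The second point in the message above (ISP account on the RFC2821 MAIL FROM, work address on the RFC2822 From:) can be seen in a small check that, like an LMAP lookup, looks only at the envelope sender. This is an added example, not part of the original message; the domains, addresses and the `LMAP_POLICY` table are constructed stand-ins, not a real record format.

```python
import email
import email.utils
import ipaddress
import re

# Constructed stand-in for published LMAP data: domain -> networks allowed to
# use that domain in the RFC2821 MAIL FROM. Not a real DNS record format.
LMAP_POLICY = {
    "isp.example": [ipaddress.ip_network("192.0.2.0/24")],
    "work.example": [ipaddress.ip_network("198.51.100.0/24")],
}

def envelope_sender(transcript):
    """Address given in the MAIL FROM command ('' for the null sender)."""
    m = re.search(r"^MAIL FROM:\s*<([^>]*)>", transcript, re.I | re.M)
    return m.group(1) if m else None

def header_from(transcript):
    """Address in the RFC2822 From: header of the message sent after DATA."""
    body = re.split(r"^DATA\r?\n", transcript, maxsplit=1, flags=re.I | re.M)[1]
    return email.utils.parseaddr(email.message_from_string(body)["From"])[1]

def lmap_check(client_ip, transcript):
    """Evaluate the connecting IP against the MAIL FROM domain's policy only."""
    sender = envelope_sender(transcript) or ""
    nets = LMAP_POLICY.get(sender.rpartition("@")[2].lower())
    if nets is None:
        return "none"  # null sender, or the domain publishes nothing
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in net for net in nets) else "fail"

def session(mail_from, hdr_from):
    """Build a constructed client-side SMTP transcript (commands only)."""
    return (f"MAIL FROM:<{mail_from}>\nRCPT TO:<peer@dest.example>\nDATA\n"
            f"From: {hdr_from}\nSubject: status\n\nOn the road.\n.\n")

ISP_MTA = "192.0.2.25"  # constructed address of the ISP's outbound MTA
ROAMING_OK = session("user@isp.example", "user@work.example")
ROAMING_BAD = session("user@work.example", "user@work.example")

if __name__ == "__main__":
    for name, s in (("ISP envelope", ROAMING_OK), ("work envelope", ROAMING_BAD)):
        print(name, "| MAIL FROM:", envelope_sender(s),
              "| From:", header_from(s), "|", lmap_check(ISP_MTA, s))
```

The roaming user passes when the envelope carries the ISP address, while the same message with the work address in MAIL FROM fails from the ISP's MTA; the From: header plays no part in either result.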

