Moreover, although people don't really think of IP spoofing as a
concern due to it's unroutable nature in two way conversations, our
tests have shown that Spammers are increasingly taking advantage of
this on a one way "Broadcast" stream to drop emails with the proper
IP's (especially in a private relay system with NAT'ing).
Asymmetric routing has been a well-known spammer trick for years.
Ernesto Haberli specialized in it.
For people not familiar with it, the mail sender has a fast connection
like a T1, and a slow disposable connection like a dialup connected to
the same computer. The packets all go out with the IP of the slow
connection, but sent via the fast connection. This makes it much
harder to detect the fact that the spammer's using the fast connection
since traceroutes will only show the slow one.
This hardly slows delivery at all, since sending e-mail, particularly
with large messages, sends out big packets and gets back little ones.
The only visible IP is the disposable one; when the ISP gets
complaints and cancels the dialup, the spammer just switches to a
different dialup account and keeps going.
If ISPs did ingress filtering, this wouldn't work, of course.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.