I am not an IP expert, so I defer to those on this list who have such
expertise. It seems like folks on this list are not so concerned about
spammers/fraudsters spoofing IP addresses, and that brings me some
comfort. :) I believe the success of Sender-ID assumes spammers cannot
spoof IP Addresses.
I understand this is not easy to do. My concern is the degree of
difficulty/expense it takes to do so. I saw one vendor who claims to
have a sample, fraudulent message claiming to be from US Bank where the
IP address was spoofed.
e.g. how difficult is it for the spammer to get the whole transaction
into a single packet so they can ignore return messages (blind attack),
forge the packet's source address, get it through firewalls and routers
that don't verify the source address, guess the sequence number, etc...
Are we worrying enough about the potential for spammers to do IP Address
spoofing?
Or will it just be easier for them to write viruses/worms which carry
spam-bots as their payload?!
Regards,
Nate