Re: Bounce/System Notification Address Verification

2005-06-29 14:54:27

At 15:20 -0400 on 06/28/2005, Hector Santos wrote about Re: Bounce/System Notification Address Verification:

> > to do so
> > would allow a spammer to send you a MAIL FROM/RCPT TO on a
> > first connection, then once the callback shows up, use *that*
> > information to create what looks like a "callback to a callback",
> > but proceed to the DATA step. Whoops.. ;)
>
> You are going to have to explain that line of thought..
>
> Spammer starts a session:
>
>      MAIL FROM: <spammer>
>      RCPT TO: <local user>
>
> CBV is started before RCPT TO response is issued:  At the spammer host:
>
>      MAIL FROM: <>
>      RCPT TO: <spammer>
>
> What happens now?  Spammer does a call back to where?

Since we were talking about the Verizon CBV, that Mail From will be from <antispam579542@west.verizon.net>, so the spammer will do his CBV to that address. The correct response (as I noted) by Verizon would be to send a "Valid Address" response back. If this was real CBV, the next step would be a QUIT (to drop the connection). Since we are looking at what would occur if we were a spammer, a DATA is sent instead. In that case, Verizon SHOULD respond by dropping the connection (or sending a rejection code reply and dropping the connection if the next command is not QUIT or RSET).
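The receiving side of that exchange, as an added example that is not part of the original message or of any Verizon code: a small Python state machine for a notification address that only answers callback probes. It passes the MAIL FROM:<> / RCPT TO verification, but answers a DATA that follows with a permanent error and closes the session. The address is the one named in the thread; the reply texts and the rule that the address never accepts DATA are assumptions for illustration.

```python
import re

# Constructed for this example: the verification-only address named in the
# thread; reply texts and the never-accept-DATA rule are assumptions.
VERIFY_ADDRESS = "antispam579542@west.verizon.net"
_PATH_RE = re.compile(r"(?:FROM|TO):\s*<([^>]*)>", re.I)

class CbvOnlyMailbox:
    """Address that exists only to be verified: passes MAIL FROM:<> / RCPT TO,
    rejects a following DATA and closes the session."""
    def __init__(self):
        self.sender = None   # None until a valid MAIL FROM has been seen
        self.closed = False

    def handle(self, line):
        """Return the SMTP reply for one command line (None once closed)."""
        if self.closed:
            return None
        verb, _, arg = line.strip().partition(" ")
        verb, m = verb.upper(), _PATH_RE.match(arg)
        if verb == "MAIL":
            if not m or m.group(1) != "":
                return "550 5.7.1 address accepts null-sender probes only"
            self.sender = ""
            return "250 2.1.0 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 need MAIL first"
            if not m or m.group(1).lower() != VERIFY_ADDRESS:
                return "550 5.1.1 no such user"
            return "250 2.1.5 OK"  # a real CBV stops here and sends QUIT
        if verb == "RSET":
            self.sender = None
            return "250 2.0.0 OK"
        if verb == "QUIT":
            self.closed = True
            return "221 2.0.0 bye"
        if verb == "DATA":  # the "callback to a callback": reject and drop
            self.closed = True
            return "554 5.7.1 this address does not accept mail"
        return "502 5.5.2 command not implemented"

def run_session(commands):
    """Run a scripted client session; returns the replies up to the close."""
    box, replies = CbvOnlyMailbox(), []
    for cmd in commands:
        replies.append(box.handle(cmd))
        if box.closed:
            break
    return replies
```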

