Re: Bounce/System Notification Address Verification

2005-07-04 13:55:28
On Mon, 04 Jul 2005 14:07:37 EDT, Hector Santos said:

> The same is true with the client domain name (HELO/EHLO).  If a server's
> local domain name is used and the IP address is unrecognized, then this is
> clear 100% detectable, indisputable SPOOF.  There is no LMAP forwarding
> issue here.

There's no forwarding issue because the parameter of HELO/EHLO isn't used
for forwarding decisions.

I'm curious how you arrived at "100% SPOOF" - are you *positive* that out of all
the mail software out there (including all the products that get simple stuff
like a space between : and < on a MAIL FROM wrong), *NONE* ever does the 

1) Figure out its IP address that it just got handed by DHCP.
2) Try to look up the PTR to get its hostname, and fail to get a valid answer.
3) Send the preconfigured 'SMTP Smarthost' name on the HELO, just because we 
it and it's handy, and the programmer didn't know about 'HELO [i.p.add.ress]'

Sure, it's *LIKELY* to be a spoof, but:

1) It isn't a *positive* proof.
2) As a result, bouncing mail because of a failure is quite the anti-social 
to do.

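
The HELO check debated in this message, written as a graded signal rather than a yes/no spoof test; this is an added example, not part of the original post. `LOCAL_NAMES`, `OWN_NETWORKS` and the score weights are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values for illustration (assumptions, not from the thread).
LOCAL_NAMES = {"mail.example.org", "smtp.example.org"}  # names this server uses
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # our hosts, DHCP pool included
# Hypothetical weights: a signal for a scoring filter, not a reject/bounce rule.
SCORES = {"literal-ok": 0, "other": 0, "own-name-known-ip": 0,
          "literal-mismatch": 2, "own-name-unknown-ip": 4}


def classify_helo(helo_arg: str, client_ip: str) -> str:
    """Grade a HELO/EHLO argument against the connecting IP address."""
    ip = ipaddress.ip_address(client_ip)
    arg = helo_arg.strip()

    # Address-literal form: HELO [192.0.2.10] or EHLO [IPv6:2001:db8::1]
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            same = ipaddress.ip_address(literal) == ip
        except ValueError:
            same = False
        return "literal-ok" if same else "literal-mismatch"

    name = arg.rstrip(".").lower()
    if name in LOCAL_NAMES:
        # A local client that failed its PTR lookup and fell back to the
        # configured smarthost name lands in the first branch.
        if any(ip in net for net in OWN_NETWORKS):
            return "own-name-known-ip"
        return "own-name-unknown-ip"  # likely forged, still not proof
    return "other"


def helo_score(helo_arg: str, client_ip: str) -> int:
    """Return the weight this HELO contributes to an overall spam score."""
    return SCORES[classify_helo(helo_arg, client_ip)]


if __name__ == "__main__":
    # Constructed sample sessions: (HELO argument, connecting IP)
    for helo, ip in [("mail.example.org", "203.0.113.7"),
                     ("mail.example.org", "192.0.2.55"),
                     ("[192.0.2.55]", "192.0.2.55")]:
        print(helo, ip, classify_helo(helo, ip), helo_score(helo, ip))
```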